Open Redirect Vulnerability in Symfony 2.7.x - 4.2.x

CVE-2018-19790 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
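
Why a backslash can get past a redirect-target restriction, as an added example (not Symfony's code or its patch): browsers parse `\` as `/` in http(s) URLs, so a check that only looks for forward slashes disagrees with where the browser actually goes. `naiveIsLocal`, `strictIsLocal`, `APP_ORIGIN` and the sample `_failure_path` values are constructed for illustration; Node's built-in `URL` follows the same WHATWG parsing rules as browsers.

```javascript
// Added example, not Symfony code. APP_ORIGIN and all targets are constructed.
const APP_ORIGIN = 'https://app.example';

// Hypothetical weak check: a target counts as off-site only when it starts
// with "//" or "http(s)://" written with forward slashes.
function naiveIsLocal(target) {
  return !/^(https?:)?\/\//i.test(target);
}

// Hardened check: refuse backslashes and control characters outright, then
// resolve the target the way a browser will and compare origins.
function strictIsLocal(target, appOrigin = APP_ORIGIN) {
  if (typeof target !== 'string' || target === '') return false;
  if (/[\\\u0000-\u001f\u007f]/.test(target)) return false;
  let resolved;
  try {
    resolved = new URL(target, appOrigin);
  } catch {
    return false; // unparseable targets are never followed
  }
  return resolved.origin === new URL(appOrigin).origin;
}

// Host a browser would land on for a given Location value.
function browserHost(target, appOrigin = APP_ORIGIN) {
  return new URL(target, appOrigin).host;
}

// Compare both checks against the browser's own interpretation.
function audit(targets) {
  return targets.map((t) => ({
    target: t,
    naive: naiveIsLocal(t),
    strict: strictIsLocal(t),
    landsOn: browserHost(t),
  }));
}

// Constructed sample values for a _failure_path parameter.
const SAMPLES = [
  '/login?error=1',
  '//other.example/',
  '/\\other.example/',
  'https:\\\\other.example/',
  'https:/\\other.example',
];

console.table(audit(SAMPLES));
```

Rows where `naive` is true but `landsOn` is not the application host are the cases a forward-slash-only check lets through; `strict` rejects all of them.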
