VDB
CVE-2022-24894
CVE-2022-24894
PUBLISHED
CVSS 5.900000095367432 MEDIUM
Symfony storing cookie headers in HttpCache
EPSS 0.18% · 39.7th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
EPSS Score
0.18%
39.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sensiolabs | symfony | 5.0.0, 2.0.0, 6.2.0 |
| symfony | symfony | >= 5.0.0, < 5.4.20, >= 6.0.0, < 6.0.20, >= 6.1.0, < 6.1.12 |
| symfony | http-kernel | 6.2.0, 5.0.0, 6.0.0 |
| symfony | symfony | 2.0.0, 6.0.0, 5.0.0 |
Exploit Intelligence
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc-repo)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc)
- CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Header Injection - CVE-2022-24894 - WebProfiler abierto - CVE-2019-10909 - Directory Traversal (github-poc)
…and 6 more exploits
Timeline
- Feb 1, 2023 CVE Published
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- Jun 4, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
- Aug 23, 2023 EPSS Score
- Oct 2, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
- Jan 30, 2024 EPSS Score
References
- https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv url
- https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb url
- https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-24894 advisory
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml url
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml url
- https://github.com/symfony/symfony package
- https://symfony.com/cve-2022-24894 url