VDB
CVE-2022-24895
PUBLISHED
CVSS 6.3 MEDIUM
Multiple vulnerabilities have been discovered in Symfony. They allow an attacker to bypass the security policy and to carry out cross-site request forgery (CSRF).
EPSS 0.03% · 7.3th percentile
Risk Scores
CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.03%
7.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| symfony | security-bundle | 6.2.0, 2.0.0, 5.0.0 |
| sensiolabs | symfony | 6.2.0, 2.0.0, 5.0.0 |
| symfony | symfony | *, >= 2.0.0, < 4.4.50, >= 6.1.0, < 6.1.12 |
| symfony | symfony | 5.0.0, 6.0.0, 6.1.0 |
| Symfony | Symfony | |
Exploit Intelligence
- https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m (circl)
- https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946 (circl)
- https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 (circl)
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml (circl)
- https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html (circl)
Timeline
- Feb 1, 2023 CVE Published
- Feb 4, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- Apr 25, 2023 EPSS Score
- Jun 4, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
- Aug 23, 2023 EPSS Score
- Oct 2, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
- Jan 30, 2024 EPSS Score
References
- https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m url
- https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946 url
- https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 url
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml url
- https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-24895 advisory
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml url
- https://github.com/symfony/symfony package
- https://symfony.com/cve-2022-24895 url