UBUNTU-CVE-2018-11408
- Source
- https://ubuntu.com/security/CVE-2018-11408
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-11408.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2018-11408
- Related
- Published
- 2018-06-13T16:29:00Z
- Modified
- 2024-10-15T14:06:27Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.
- References
-
- https://ubuntu.com/security/CVE-2018-11408
- https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
- https://www.cve.org/CVERecord?id=CVE-2018-11408
Affected packages
Ubuntu:Pro:16.04:LTS / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected