Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2017-16654
HistoryAug 06, 2018 - 9:00 p.m.

CVE-2017-16654

2018-08-0621:00:00
mitre
www.cve.org
1

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.

Related

veracode 1
github 1
prion 1
friendsofphp 2
ubuntucve 1
redhatcve 1
osv 4
nvd 1
cve 1
symfony 1
debiancve 1
openvas 3
debian 2
nessus 2
veracode
veracode
Directory Traversal
2017-11-21 06:26:16
github
github
Symfony Directory Traversal
2022-05-14 01:21:16
prion
prion
Directory traversal
2018-08-06 21:29:00
friendsofphp
friendsofphp
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
ubuntucve
ubuntucve
CVE-2017-16654
2018-08-06 00:00:00
redhatcve
redhatcve
CVE-2017-16654
2022-05-20 23:43:31
osv
osv
CVE-2017-16654
2018-08-06 21:29:00
Symfony Directory Traversal
2022-05-14 01:21:16
symfony - security update
2019-03-09 00:00:00
nvd
nvd
CVE-2017-16654
2018-08-06 21:29:00
cve
cve
CVE-2017-16654
2018-08-06 21:29:00
symfony
symfony
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-17 00:00:00
debiancve
debiancve
CVE-2017-16654
2018-08-06 21:29:00
openvas
openvas
Symfony <= 2.7.37, 2.8.* <= 2.8.30, 3.* <= 3.2.13 and 3.3.* <= 3.3.12 Multiple Vulnerabilities
2018-08-07 00:00:00
Debian: Security Advisory (DLA-1707-1)
2019-03-10 00:00:00
Debian: Security Advisory (DSA-4262-1)
2018-08-02 00:00:00
debian
debian
[SECURITY] [DLA 1707-1] symfony security update
2019-03-10 01:19:23
[SECURITY] [DSA 4262-1] symfony security update
2018-08-03 16:32:58
nessus
nessus
Debian DLA-1707-1 : symfony security update
2019-03-11 00:00:00
Debian DSA-4262-1 : symfony - security update
2018-08-06 00:00:00

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON
Related for CVELIST:CVE-2017-16654
veracode1github1prion1friendsofphp2ubuntucve1redhatcve1osv4nvd1cve1symfony1debiancve1openvas3debian2nessus2