Lucene search
Veracode Vulnerability DatabaseVERACODE:5466HistoryNov 21, 2017 - 6:26 a.m.
Directory Traversal
2017-11-2106:26:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
57.5%
Symphony is vulnerable to directory traversal attacks. The read() function in the bundle readers does not sanitize user input, allowing a malicious user to traverse the directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| symfony/symfony | le | 4.0.0-BETA4 | |
| symfony/symfony | le | 2.8.30 | |
| symfony/symfony | le | 3.2.13 | |
| symfony/symfony | le | 2.7.37 | |
| symfony/symfony | le | 3.4.0-BETA4 | |
| symfony/symfony | le | 3.3.11 |
Related
ubuntucve
ubuntucve
CVE-2017-16654
2018-08-06 00:00:00
friendsofphp
friendsofphp
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-16 15:15:44
github
github
Symfony Directory Traversal
2022-05-14 01:21:16
prion
prion
Directory traversal
2018-08-06 21:29:00
cvelist
cvelist
CVE-2017-16654
2018-08-06 21:00:00
redhatcve
redhatcve
CVE-2017-16654
2022-05-20 23:43:31
osv
osv
CVE-2017-16654
2018-08-06 21:29:00
Symfony Directory Traversal
2022-05-14 01:21:16
symfony - security update
2019-03-09 00:00:00
nvd
nvd
CVE-2017-16654
2018-08-06 21:29:00
cve
cve
CVE-2017-16654
2018-08-06 21:29:00
symfony
symfony
CVE-2017-16654: Intl bundle readers breaking out of paths
2017-11-17 00:00:00
debiancve
debiancve
CVE-2017-16654
2018-08-06 21:29:00
openvas
openvas
Symfony <= 2.7.37, 2.8.* <= 2.8.30, 3.* <= 3.2.13 and 3.3.* <= 3.3.12 Multiple Vulnerabilities
2018-08-07 00:00:00
Debian: Security Advisory (DLA-1707-1)
2019-03-10 00:00:00
Debian: Security Advisory (DSA-4262-1)
2018-08-02 00:00:00
debian
debian
[SECURITY] [DLA 1707-1] symfony security update
2019-03-10 01:19:23
[SECURITY] [DSA 4262-1] symfony security update
2018-08-03 16:32:58
nessus
nessus
Debian DLA-1707-1 : symfony security update
2019-03-11 00:00:00
Debian DSA-4262-1 : symfony - security update
2018-08-06 00:00:00