CVE-2015-8125 in Symfony信息

摘要

由 VulDB • 2026-06-14

Symfony 2.3.x(低于 2.3.35)、2.6.x(低于 2.6.12)以及 2.7.x(低于 2.7.7)可能存在远程攻击者通过计时攻击造成未指定影响的风险,涉及 Symfony Security Component 中的 (1) `Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices` 或 (2) `Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener` 类,或者 Symfony Form component 中来自 `Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider` 类的遗留 CSRF 实现。

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!