Vulnerabilities

CVE-2019-10913

by Fred · 16/05/2019

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.

Date published : 2019-05-16

https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec

https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides

Similar

Tags: Cybersecurity Alert