Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
| Software | From | Fixed in |
|---|---|---|
| sensiolabs / symfony | 3.4.0 | 3.4.34.x |
| sensiolabs / symfony | 4.2.0 | 4.2.11.x |
| sensiolabs / symfony | 4.3.0 | 4.3.7.x |
| sensiolabs / symfony | 2.8.0 | 2.8.50.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
symfony / http-kernel
|
2.2.0 | 2.8.52 |
|
symfony / http-kernel
|
3.0.0 | 3.4.35 |
|
symfony / http-kernel
|
4.0.0 | 4.2.12 |
|
symfony / http-kernel
|
4.3.0 | 4.3.8 |
|
symfony / symfony
|
2.2.0 | 2.8.52 |
|
symfony / symfony
|
3.0.0 | 3.4.35 |
|
symfony / symfony
|
4.0.0 | 4.2.12 |
|
symfony / symfony
|
4.3.0 | 4.3.8 |
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
- https://github.com/symfony/symfony/releases/tag/v4.3.8
- https://lists.fedoraproject.org/archives/list/[email protected]/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
- https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
- https://symfony.com/blog/symfony-4-3-8-released
- https://symfony.com/cve-2019-18887