An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-12-18 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-19790
Mitre link : CVE-2018-19790
CVE.ORG link : CVE-2018-19790
JSON object : View
Products Affected
debian
- debian_linux
sensiolabs
- symfony
fedoraproject
- fedora
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')