### [CVE-2019-18887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

### POC

#### Reference
- https://github.com/symfony/symfony/releases/tag/v4.3.8
- https://github.com/symfony/symfony/releases/tag/v4.3.8

#### Github
No PoCs found on GitHub currently.