cvelist/2018/11xxx/CVE-2018-11408.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2018-11408",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.  NOTE: this issue exists because of an incomplete fix for CVE-2017-16652."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",
            "refsource" : "MLIST",
            "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
         },
         {
            "name" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers",
            "refsource" : "CONFIRM",
            "url" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers"
         },
         {
            "name" : "FEDORA-2018-96d770ddc9",
            "refsource" : "FEDORA",
            "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"
         },
         {
            "name" : "FEDORA-2018-ba0b683c10",
            "refsource" : "FEDORA",
            "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"
         },
         {
            "name" : "FEDORA-2018-eba0006df2",
            "refsource" : "FEDORA",
            "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"
         }
      ]
   }
}
- Synchronized data. 2018-05-24 02:05:20 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2018-11408",`
- Synchronized data. 2018-06-13 12:05:04 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
- Synchronized data. 2018-05-24 02:05:20 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Synchronized data. 2018-06-13 12:05:04 -04:00			`"value" : "The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
- Synchronized data. 2019-03-10 06:09:15 -04:00			`{`
			`"name" : "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",`
			`"refsource" : "MLIST",`
			`"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"`
			`},`
- Synchronized data. 2018-06-13 12:05:04 -04:00			`{`
			`"name" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers",`
			`"refsource" : "CONFIRM",`
			`"url" : "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers"`
			`},`
			`{`
			`"name" : "FEDORA-2018-96d770ddc9",`
			`"refsource" : "FEDORA",`
			`"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"`
			`},`
			`{`
			`"name" : "FEDORA-2018-ba0b683c10",`
			`"refsource" : "FEDORA",`
			`"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"`
			`},`
			`{`
			`"name" : "FEDORA-2018-eba0006df2",`
			`"refsource" : "FEDORA",`
			`"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"`
- Synchronized data. 2018-05-24 02:05:20 -04:00			`}`
			`]`
			`}`
			`}`