CVE-2019-18887

Published November 21st, 2019

View on NVD ↗

CVSS v3

8.1

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.

symfony/symfony

The Symfony PHP framework

GitHub

31.1K