| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-11358 | 4.3 |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
|
16-02-2024 - 16:32 | 20-04-2019 - 00:29 | |
| CVE-2019-10911 | 6.0 |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functional
|
29-09-2021 - 16:27 | 16-05-2019 - 22:29 | |
| CVE-2019-10910 | 7.5 |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-inject
|
29-09-2021 - 16:23 | 16-05-2019 - 22:29 | |
| CVE-2019-10909 | 3.5 |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
|
20-04-2021 - 12:53 | 16-05-2019 - 22:29 |