CVE-2018-14774

Published: Aug 3, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a

x_refsource_CONFIRM

https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14774

Description

Affected Products

References