CVE-2018-19790

Priority
Description
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x
before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9
and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input
field of login forms, an attacker can work around the redirection target
restrictions and effectively redirect the user to any domain after login.
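
An added illustration of the bug class described above, not code from Symfony or from this tracker: a hypothetical same-site path check that looks only at forward slashes, beside one that first normalises backslashes, which browsers treat as `/` in http(s) URLs. The function names and sample targets are constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical check: accepts anything that starts with a single "/".
// It never considers "\", so "/\host/" is classified as a local path.
function isLocalPathNaive(string $target): bool
{
    return substr($target, 0, 1) === '/' && substr($target, 0, 2) !== '//';
}

// Hypothetical hardened check: map "\" to "/" first, so the decision is
// made on the same string the browser will effectively navigate to.
function isLocalPathHardened(string $target): bool
{
    $normalised = str_replace('\\', '/', $target);

    // Exactly one leading slash: "/path" is local, "//host" is
    // scheme-relative (another origin), "scheme:..." is absolute.
    return preg_match('#^/(?!/)#', $normalised) === 1;
}

// Constructed sample values for a redirect-target field.
$samples = [
    '/login',                    // ordinary local path
    '/account/settings?tab=1',   // local path with a query string
    '//other.example/',          // scheme-relative URL
    '/\\other.example/',         // backslash variant of the line above
    'https://other.example/',    // absolute URL
];

foreach ($samples as $target) {
    printf(
        "%-28s naive=%-5s hardened=%s\n",
        $target,
        var_export(isLocalPathNaive($target), true),
        var_export(isLocalPathHardened($target), true)
    );
}
```

The two checks disagree only on the backslash variant, which is the case the description refers to.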
Package
Upstream: released (3.4.20+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): not-affected (3.4.20+dfsg-1)
Ubuntu 19.10 (Eoan): not-affected (3.4.20+dfsg-1)
More Information

Updated: 2019-07-10 22:14:24 UTC (commit 4812d6013fea591ddfee25a8b27f72cfb613e75a)