An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-03T17:00:00
Updated: 2024-08-05T09:38:13.918Z
Reserved: 2018-07-31T00:00:00
Link: CVE-2018-14774
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-08-03T17:29:00.347
Modified: 2018-10-17T17:05:12.003
Link: CVE-2018-14774
Redhat
No data.