Security Advisory

CVE-2018-14774

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-08-03 17:00:00

Last updated 2024-08-05 09:38:13

Assigner mitre

State PUBLISHED

Description

An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.

← Browse all CVEs View on cve.org ↗