Vulnerability CVE-2019-18887

Vulnerability CVE-2019-18887

Published: 2019-11-21 Modified: 2019-11-24

Description:

Type:

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Affected software
Sensiolabs -> Symfony
Fedoraproject -> Fedora

https://github.com/symfony/symfony/releases/tag/v4.3.8

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/

https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner

https://symfony.com/blog/symfony-4-3-8-released