Symfony 4.2.x < 4.2.12, 4.3.x < 4.3.8 Multiple Vulnerabilities

Symfony is prone to multiple vulnerabilities.

The following vulnerabilities exist: - The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. - Some strings were not properly escaped when being dumped by the VarExporter component. The VarExporter is notably used by the Symfony Cache Component PhpFilesAdapter and PhpArrayAdapter adapters.

Symfony versions 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7.

Checks if a vulnerable version is present on the target host.

The issue has been fixed in Symfony 4.2.12 and 4.3.8. NOTE: No fixes are provided for Symfony 4.1 as they are not maintained anymore. It is recommended to upgrade to a supported version as soon as possible.