Home > Vulnerability Database > CVE-2017-18343

Mend.io Vulnerability Database

CVE-2017-18343

Date: July 19, 2018

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar

Severity Score

6.1

Related Resources (6)

Url: https://github.com/symfony/symfony/pull/23684

Url: https://github.com/symfony/symfony/issues/27987

Url: https://github.com/barryvdh/laravel-debugbar/issues/850

Url: https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-18343

Url: https://www.mend.io/vulnerability-database/CVE-2017-18343

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-18343

Date: July 19, 2018

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?