Symfony · Symfony · CVE-2018-11386
**Name of the Vulnerable Software and Affected Versions**
Symfony 2.7.0 through 2.7.47
Symfony 2.8.0 through 2.8.40
Symfony 3.3.0 through 3.3.16
Symfony 3.4.0 through 3.4.10
Symfony 4.0.0 through 4.0.10
**Description**
The vulnerability lies in the HttpFoundation component of Symfony, specifically in the PdoSessionHandler class (Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler), which stores session data in a database through a PDO connection. Under certain configurations and with a well-crafted payload, a remote attacker can cause a denial of service against a Symfony application without needing significant resources. Only applications that use PdoSessionHandler as their session storage handler are exposed; applications that keep sessions in another handler are not affected by this issue. The HttpFoundation component is also distributed as the standalone symfony/http-foundation package, which carries the same version numbers as the framework, so the affected and fixed versions listed on this page apply to that package as well.
**Recommendations**
For Symfony 2.7.0 through 2.7.47, update to 2.7.48 or later.
For Symfony 2.8.0 through 2.8.40, update to 2.8.41 or later.
For Symfony 3.3.0 through 3.3.16, update to 3.3.17 or later.
For Symfony 3.4.0 through 3.4.10, update to 3.4.11 or later.
For Symfony 4.0.0 through 4.0.10, update to 4.0.11 or later.
Applications that require symfony/http-foundation directly rather than the full symfony/symfony package should update that package to the same fixed release.
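The following script is an added example, not part of the original advisory or of the Symfony project, showing how to check a project's composer.lock against the affected and fixed versions listed above. It inspects both symfony/symfony and symfony/http-foundation, on the assumption that the standalone component package shares the framework's version numbers; the sample lock file embedded in the block is constructed for the example and does not come from a real project. It does not detect whether the application actually uses PdoSessionHandler, so a hit means the vulnerable code is installed, not necessarily that it is reachable.

```python
import json
import re

# Affected ranges from the advisory: (first affected, last affected, first fixed release).
AFFECTED_RANGES = [
    ((2, 7, 0), (2, 7, 47), "2.7.48"),
    ((2, 8, 0), (2, 8, 40), "2.8.41"),
    ((3, 3, 0), (3, 3, 16), "3.3.17"),
    ((3, 4, 0), (3, 4, 10), "3.4.11"),
    ((4, 0, 0), (4, 0, 10), "4.0.11"),
]

# Packages whose version is checked. symfony/http-foundation is the standalone
# distribution of the component and is assumed to share the framework's version numbers.
WATCHED_PACKAGES = ("symfony/symfony", "symfony/http-foundation")

# Composer versions look like "v3.4.10" or "3.4.10"; anything else (e.g. "dev-master")
# cannot be compared against a numeric range.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(version):
    """Return (major, minor, patch) for a Composer version string, or None if it is
    not a plain numeric release (branch aliases such as 'dev-master')."""
    match = _VERSION_RE.match(version)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def fixed_version_for(version):
    """Return the first fixed release if `version` falls inside an affected range,
    otherwise None (not affected, or not comparable)."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    for low, high, fixed in AFFECTED_RANGES:
        if low <= parsed <= high:
            return fixed
    return None


def scan_composer_lock(lock_json):
    """Scan a parsed composer.lock document and return a list of
    (package name, installed version, first fixed version) for affected packages,
    covering both runtime and dev dependencies."""
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock_json.get(section, []):
            name = pkg.get("name")
            if name not in WATCHED_PACKAGES:
                continue
            installed = pkg.get("version", "")
            fixed = fixed_version_for(installed)
            if fixed is not None:
                findings.append((name, installed, fixed))
    return findings


# Constructed sample lock file for the example; not taken from a real project.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "symfony/http-foundation", "version": "v3.4.10"},
    {"name": "symfony/yaml", "version": "v3.4.10"},
    {"name": "doctrine/dbal", "version": "v2.7.1"}
  ],
  "packages-dev": [
    {"name": "symfony/phpunit-bridge", "version": "v4.0.11"}
  ]
}
""")

if __name__ == "__main__":
    for name, installed, fixed in scan_composer_lock(SAMPLE_LOCK):
        print(f"{name} {installed} is affected by CVE-2018-11386; upgrade to {fixed} or later")
```

To run it against a real project, replace SAMPLE_LOCK with `json.load(open("composer.lock"))`. Versions that are not plain numeric releases (branch aliases, dev builds) are reported as not comparable rather than as safe, so review those by hand.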