PT-2017-3872 · Symfony · Symfony
Oliver Hoff · Published 2017-11-17 · Updated 2022-05-13
CVE-2017-16653
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Symfony versions prior to 2.7.38
Symfony versions prior to 2.8.31
Symfony versions prior to 3.2.14
Symfony versions prior to 3.3.13
Symfony versions prior to 3.4-BETA5
Symfony versions prior to 4.0-BETA5
Description
The issue is related to the CSRF protection in Symfony: the implementation uses the same session-stored CSRF tokens for HTTP and HTTPS requests instead of separate ones per scheme. A token exposed on a plain-HTTP page to a Man-In-The-Middle (MITM) observer therefore remains valid in the HTTPS context, where it can be used to perform CSRF attacks. The vulnerability can allow a remote attacker to gain unauthorized access to protected information.
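The following is an added illustration of the defect and its mitigation; it is not Symfony's code, and the class, method names and the in-memory session array are assumptions. A token storage that keys tokens only by token id accepts an HTTP-issued token on HTTPS, while one that namespaces HTTPS tokens separately rejects it:

```php
<?php
// Added example (not Symfony's own code): a session-backed CSRF token storage
// that can either share one namespace for both schemes (the vulnerable
// behaviour) or keep a separate namespace for HTTPS requests (the mitigation).
final class SchemeBoundCsrfTokenStorage
{
    private const NAMESPACE = '_csrf';

    /** @var array<string,string> constructed in-memory stand-in for $_SESSION */
    private array $session = [];

    /** Storage key for a token id; $schemeBound=false reproduces the weak behaviour. */
    private function key(string $tokenId, bool $isSecure, bool $schemeBound): string
    {
        $prefix = ($schemeBound && $isSecure) ? 'https-' : '';
        return self::NAMESPACE . '/' . $prefix . $tokenId;
    }

    /** Returns the existing token for this id and scheme, generating one if absent. */
    public function getToken(string $tokenId, bool $isSecure, bool $schemeBound = true): string
    {
        $key = $this->key($tokenId, $isSecure, $schemeBound);
        if (!isset($this->session[$key])) {
            // 32 random bytes, hex-encoded; never derived from request data.
            $this->session[$key] = bin2hex(random_bytes(32));
        }
        return $this->session[$key];
    }

    /** Constant-time comparison against the token stored for this id and scheme. */
    public function isTokenValid(string $tokenId, string $token, bool $isSecure, bool $schemeBound = true): bool
    {
        $key = $this->key($tokenId, $isSecure, $schemeBound);
        return isset($this->session[$key]) && hash_equals($this->session[$key], $token);
    }
}

// Constructed scenario: one user session shared by http:// and https:// pages.
$storage = new SchemeBoundCsrfTokenStorage();

// A token rendered into an HTTP page is visible to a network-level observer.
$observed = $storage->getToken('delete_account', false, false);
// Without scheme binding the same token validates on the HTTPS form.
var_dump($storage->isTokenValid('delete_account', $observed, true, false));

// With scheme binding the HTTP token is rejected in the HTTPS context.
$observedBound = $storage->getToken('delete_account', false);
var_dump($storage->isTokenValid('delete_account', $observedBound, true));
```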
Recommendations
For versions prior to 2.7.38, update to version 2.7.38 or later.
For versions prior to 2.8.31, update to version 2.8.31 or later.
For versions prior to 3.2.14, update to version 3.2.14 or later.
For versions prior to 3.3.13, update to version 3.3.13 or later.
For versions prior to 3.4-BETA5, update to version 3.4-BETA5 or later.
For versions prior to 4.0-BETA5, update to version 4.0-BETA5 or later.
Exploit
Fix
CSRF
Information Disclosure
Related identifiers
Affected products
Symfony