PT-2018-12713 · Symfony · Symfony

Chaosversum · Published 2018-08-03 · Updated 2022-05-14 · CVE-2018-14774

CVSS v3.1 7.2 High · Vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Symfony versions 2.7.0 through 2.7.48
Symfony versions 2.8.0 through 2.8.43
Symfony versions 3.3.0 through 3.3.17
Symfony versions 3.4.0 through 3.4.13
Symfony versions 4.0.0 through 4.0.13
Symfony versions 4.1.0 through 4.1.2
Description

An issue was discovered in the HttpKernel component when HttpCache (Symfony's built-in reverse-proxy cache) is used. When HttpCache forwards a request to the backend application, the values of the X-Forwarded-Host header are implicitly treated as trusted, although that header arrives from the untrusted client and should only be honoured when the deployment has explicitly configured a trusted proxy for it. A client talking directly to HttpCache can therefore choose the host name the application sees, which is a host header injection: the attacker-controlled host ends up in anything the application derives from the request host, such as absolute URLs, redirects or cache keys.
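The following PHP script is an added illustration of the trust decision described above; it is not Symfony's code and not the upstream fix. It models, without any framework dependency, a caching reverse proxy that must decide whether a client's X-Forwarded-Host may be passed on to the backend: the first function trusts the header unconditionally (the behaviour the description calls out), the second honours it only from a configured trusted proxy and only if the operator opted in to that header. The constant names, function names, addresses and the two constructed request arrays are assumptions made for the example.

```php
<?php
// Added illustration for CVE-2018-14774; this is not Symfony's code or its fix.
// It models the trust decision a caching reverse proxy (such as Symfony's HttpCache)
// must make before handing a client's X-Forwarded-Host to the backend application.
// Constant names, function names and the constructed requests below are assumptions.

declare(strict_types=1);

// Bit flags standing in for a "trusted header set": the operator chooses which
// X-Forwarded-* headers may be honoured when they come from a trusted proxy.
const HEADER_X_FORWARDED_FOR   = 0b0001;
const HEADER_X_FORWARDED_HOST  = 0b0010;
const HEADER_X_FORWARDED_PROTO = 0b0100;
const HEADER_X_FORWARDED_PORT  = 0b1000;
const HEADER_X_FORWARDED_ALL   = 0b1111;

/**
 * Vulnerable behaviour: whatever X-Forwarded-Host arrives is trusted, no matter
 * who sent it. A client talking directly to the cache chooses the host name the
 * application will use for absolute URLs, redirects, e-mailed links and cache keys.
 */
function resolveHostTrustingAllForwarded(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_HOST'])) {
        // Proxies append their value, so the last entry is the nearest hop.
        $hosts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_HOST']));

        return strtolower(end($hosts));
    }

    return strtolower($server['HTTP_HOST'] ?? '');
}

/**
 * Hardened behaviour: X-Forwarded-Host is consulted only when
 *   1. the immediate peer (REMOTE_ADDR) is in the operator's trusted proxy list, and
 *   2. the operator opted in to that header via the trusted header set,
 * and the chosen value must still be a syntactically valid host[:port].
 */
function resolveHostWithTrustedProxies(array $server, array $trustedProxies, int $trustedHeaderSet): string
{
    $peerIsTrusted = in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true);
    $headerIsTrusted = ($trustedHeaderSet & HEADER_X_FORWARDED_HOST) !== 0;

    $host = $server['HTTP_HOST'] ?? '';
    if ($peerIsTrusted && $headerIsTrusted && !empty($server['HTTP_X_FORWARDED_HOST'])) {
        $hosts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_HOST']));
        $host = end($hosts);
    }

    $host = strtolower($host);
    // Letters, digits, dots and hyphens, optionally followed by a port; anything else
    // is rejected rather than passed on to URL generation.
    if (!preg_match('/^(?:[a-z0-9]|[a-z0-9][a-z0-9.-]*[a-z0-9])(?::\d{1,5})?$/', $host)) {
        throw new UnexpectedValueException(sprintf('Untrusted or malformed Host "%s"', $host));
    }

    return $host;
}

// Constructed request: an attacker connects straight to the cache (untrusted peer)
// and supplies a forged X-Forwarded-Host.
$attackerRequest = [
    'REMOTE_ADDR'           => '203.0.113.7',
    'HTTP_HOST'             => 'shop.example.org',
    'HTTP_X_FORWARDED_HOST' => 'evil.example.net',
];

// Constructed request: the deployment's own edge load balancer (trusted peer)
// forwarding the public host name to the cache.
$edgeRequest = [
    'REMOTE_ADDR'           => '10.0.0.5',
    'HTTP_HOST'             => 'cache-internal.example.org',
    'HTTP_X_FORWARDED_HOST' => 'shop.example.org',
];

$trustedProxies = ['10.0.0.5', '127.0.0.1'];

// Vulnerable path: the attacker's value is what the application would see.
echo 'trust-all, attacker:       ', resolveHostTrustingAllForwarded($attackerRequest), PHP_EOL;

// Hardened path: the untrusted peer's header is ignored and the Host header is used ...
echo 'trusted-proxies, attacker: ', resolveHostWithTrustedProxies($attackerRequest, $trustedProxies, HEADER_X_FORWARDED_ALL), PHP_EOL;
// ... while the trusted edge proxy can still pass the public host name through ...
echo 'trusted-proxies, edge:     ', resolveHostWithTrustedProxies($edgeRequest, $trustedProxies, HEADER_X_FORWARDED_ALL), PHP_EOL;
// ... unless the operator's header set does not include X-Forwarded-Host at all.
echo 'FOR|PROTO only, edge:      ', resolveHostWithTrustedProxies($edgeRequest, $trustedProxies, HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_PROTO), PHP_EOL;
```

Run with `php` on the command line. The first line shows the attacker's forged host reaching the application; the hardened function returns the legitimate Host header for the untrusted peer, still lets the trusted edge proxy supply the public host name, and, when the header set excludes X-Forwarded-Host, falls back to the Host header even for a trusted peer. The point the description makes is the second of those two conditions: adding the cache itself as a trusted proxy is not enough if doing so also silently widens the set of forwarded headers that are believed.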
Recommendations

Update to a release outside the affected range of your branch; the first fixed releases are:

Symfony versions 2.7.0 through 2.7.48: update to 2.7.49 or later
Symfony versions 2.8.0 through 2.8.43: update to 2.8.44 or later
Symfony versions 3.3.0 through 3.3.17: update to 3.3.18 or later
Symfony versions 3.4.0 through 3.4.13: update to 3.4.14 or later
Symfony versions 4.0.0 through 4.0.13: update to 4.0.14 or later
Symfony versions 4.1.0 through 4.1.2: update to 4.1.3 or later

All of these branches have since reached end of life, so in practice this means moving to a currently supported Symfony release. Deployments that keep HttpCache in front of the application should also configure their trusted proxies and the set of trusted X-Forwarded-* headers explicitly (Request::setTrustedProxies() and the framework's trusted proxy configuration) rather than relying on defaults, so that X-Forwarded-Host is only ever accepted from infrastructure under the operator's control.


Related Identifiers

BDU:2026-01431
CVE-2018-14774
GHSA-66P6-7P29-55P9

Affected Products

Symfony