
Stefano Angaran

#42178 of 53,632
6.4 Total CVSS
Vulnerabilities · 1
PT-2017-3871
6.4
2017-11-17
Symfony · Symfony · CVE-2017-16652
**Name of the Vulnerable Software and Affected Versions**

Symfony versions 2.7.x through 2.7.37
Symfony versions 2.8.x through 2.8.30
Symfony versions 3.2.x through 3.2.13
Symfony versions 3.3.x through 3.3.12

**Description**

The issue is related to the generation of a redirect response by the `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` components in the Symfony platform, without checking the `target path` parameter. This can allow a remote attacker to conduct phishing attacks and gain access to protected information by using a specially crafted URI. The vulnerability can be exploited to mount effective phishing attacks, as it allows for an open redirect to an external domain.

**Recommendations**

For Symfony versions 2.7.x through 2.7.37, update to version 2.7.38 or later.
For Symfony versions 2.8.x through 2.8.30, update to version 2.8.31 or later.
For Symfony versions 3.2.x through 3.2.13, update to version 3.2.14 or later.
For Symfony versions 3.3.x through 3.3.12, update to version 3.3.13 or later.
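The root cause described above is a redirect target taken from the request and used without validation. The following is an added illustration of the kind of check that closes an open redirect of this class; it is standalone PHP written for this page, not Symfony's own code or its actual patch, and the function names, the `$fallback` default and the sample inputs are assumptions. It rejects absolute URLs, protocol-relative (`//host`) and backslash (`/\host`) forms that browsers treat as network-path references, and anything that does not begin with a single `/`.

```php
<?php
// Added example (not Symfony's code): validate a user-supplied redirect
// target so the post-login redirect can only land on a path of this site.

/**
 * Return true only if $target is a site-local path.
 * Rejects absolute URLs ("https://other.example/"), protocol-relative
 * URLs ("//other.example"), backslash variants ("/\other.example")
 * and anything that does not start with exactly one forward slash.
 */
function isLocalRedirectTarget(string $target): bool
{
    // Must be non-empty and begin with a forward slash.
    if ($target === '' || $target[0] !== '/') {
        return false;
    }
    // "//host" and "/\host" are interpreted as network-path references.
    if (isset($target[1]) && ($target[1] === '/' || $target[1] === '\\')) {
        return false;
    }
    // Defence in depth: a parsed site-local path has neither scheme nor host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return false;
    }
    return true;
}

/**
 * Choose the post-authentication redirect target. $fallback is the
 * application's own default landing page (assumed to be "/" here).
 */
function determineRedirectTarget(?string $requestedTarget, string $fallback = '/'): string
{
    if ($requestedTarget !== null && isLocalRedirectTarget($requestedTarget)) {
        return $requestedTarget;
    }
    return $fallback;
}

// Constructed sample inputs showing which values are accepted and rejected.
$samples = [
    '/account/settings'          => true,
    '/search?q=a%20b#top'        => true,
    'https://other.example/'     => false,
    '//other.example/login'      => false,
    '/\\other.example'           => false,
    'javascript:alert(1)'        => false,
    ''                           => false,
];

foreach ($samples as $input => $expected) {
    $result = isLocalRedirectTarget($input);
    printf("%-28s -> %s\n", var_export($input, true), $result ? 'allowed' : 'rejected');
    if ($result !== $expected) {
        throw new RuntimeException("unexpected verdict for " . var_export($input, true));
    }
}

echo determineRedirectTarget('//other.example/login'), "\n"; // falls back to "/"
```

The ordering matters: the cheap prefix checks run first so that `parse_url`, which is lenient about malformed input, is only a second line of defence rather than the sole decision. A detection-side complement is to log every rejected target together with the referring request, since a burst of rejected external targets on the login endpoint is a useful signal of someone probing for this class of flaw.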