Xabbuh

**Name of the Vulnerable Software and Affected Versions** Symfony versions 2.7.30, 2.8.23, 3.2.10, and 3.3.3 **Description** The issue is related to incorrect access control, which can be exploited remotely. It affects the password validator component. **Recommendations** For Symfony version 2.7.30, update to a version that includes the fix for this issue. For Symfony version 2.8.23, update to a version that includes the fix for this issue. For Symfony version 3.2.10, update to a version that includes the fix for this issue. For Symfony version 3.3.3, update to a version that includes the fix for this issue.

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.7.x through 2.7.49 Symfony versions 2.8.x through 2.8.48 Symfony versions 3.x through 3.4.19 Symfony versions 4.0.x through 4.0.14 Symfony versions 4.1.x through 4.1.8 Symfony versions 4.2.x through 4.2.0 Description: An open redirect issue was found, allowing an attacker to bypass redirection target restrictions by using backslashes in the ` failure path` input field of login forms. This enables the attacker to redirect the user to any domain after login, potentially leading to unauthorized access to information or execution of arbitrary code. Recommendations: For Symfony versions 2.7.x through 2.7.49, update to version 2.7.50 or later. For Symfony versions 2.8.x through 2.8.48, update to version 2.8.49 or later. For Symfony versions 3.x through 3.4.19, update to version 3.4.20 or later. For Symfony versions 4.0.x through 4.0.14, update to version 4.0.15 or later. For Symfony versions 4.1.x through 4.1.8, update to version 4.1.9 or later. For Symfony versions 4.2.x through 4.2.0, update to version 4.2.1 or later.