CVE-2018-11408

Name of the Vulnerable Software and Affected Versions Symfony versions 2.7.x through 2.7.47 Symfony versions 2.8.x through 2.8.40 Symfony versions 3.3.x through 3.3.16 Symfony versions 3.4.x through 3.4.10 Symfony versions 4.0.x through 4.0.10

Description The issue is related to an open redirect vulnerability in the Security component of Symfony. This vulnerability can be exploited by a remote attacker to conduct phishing attacks and gain access to protected information using a specially crafted URI. The vulnerability exists due to an incomplete fix for a previous issue.

Recommendations For Symfony versions 2.7.x, update to version 2.7.48 or later. For Symfony versions 2.8.x, update to version 2.8.41 or later. For Symfony versions 3.3.x, update to version 3.3.17 or later. For Symfony versions 3.4.x, update to version 3.4.11 or later. For Symfony versions 4.0.x, update to version 4.0.11 or later.