CVE-2017-18343 : The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS v

The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar

Published 2018-07-20 00:29:00

Updated 2024-04-11 00:58:07

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2017-18343

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-18343

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2017-18343

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-18343

https://github.com/symfony/symfony/pull/23684

[Debug] Missing escape in debug output by c960657 · Pull Request #23684 · symfony/symfony · GitHub
Third Party Advisory
https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c

fix XSS vulnerability by om3rcitak · Pull Request #7 · symfony/debug · GitHub
Patch;Third Party Advisory
https://github.com/symfony/symfony/issues/27987

Security Vulnerability - Cross-site Scripting · Issue #27987 · symfony/symfony · GitHub
Exploit;Third Party Advisory
https://github.com/barryvdh/laravel-debugbar/issues/850

Security Vulnerability - Cross-site Scripting · Issue #850 · barryvdh/laravel-debugbar · GitHub
Exploit;Third Party Advisory

Products affected by CVE-2017-18343

Sensiolabs » Symfony
Versions from including (>=) 3.0.0 and before (<) 3.2.13
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Matching versions
Sensiolabs » Symfony
Versions from including (>=) 3.3.0 and before (<) 3.3.6
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Matching versions
Sensiolabs » Symfony
Versions from including (>=) 2.8.0 and before (<) 2.8.26
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Matching versions
Sensiolabs » Symfony
Versions before (<) 2.7.33
cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-18343

Exploit prediction scoring system (EPSS) score for CVE-2017-18343

CVSS scores for CVE-2017-18343

CWE ids for CVE-2017-18343

References for CVE-2017-18343

Products affected by CVE-2017-18343