CVE STALKER

CVE-2021-41270

CVSS
DESCRIPTION: Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder` to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP has added two characters to that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix character (Tab `\t`) one of the vulnerable characters, and OWASP suggests using the single quote `'` to prefix the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations: it uses the single quote `'` to prefix formulas and adds the prefix to cells starting with `\t` or `\r` as well as `=`, `+`, `-` and `@`.
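The two escaping policies described above, side by side, as an added example (not Symfony's source code): the function names are hypothetical and the sample cells are constructed. It counts how many cells still begin with a character on the extended OWASP list after each policy is applied.

```php
<?php
// Added illustration of the behaviour in the description; not Symfony's code.
// All function and constant names here are hypothetical.

// Characters the original 4.1 option looked for.
const LEGACY_TRIGGERS = ['=', '+', '-', '@'];
// The list after OWASP added Tab (0x09) and Carriage return (0x0D).
const OWASP_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

function startsWithAny(string $cell, array $chars): bool
{
    return $cell !== '' && in_array($cell[0], $chars, true);
}

// Old policy: prefix with a tab, checking only the four original characters.
function escapeLegacy(string $cell): string
{
    return startsWithAny($cell, LEGACY_TRIGGERS) ? "\t" . $cell : $cell;
}

// New policy: prefix with a single quote, checking the extended list.
function escapeOwasp(string $cell): string
{
    return startsWithAny($cell, OWASP_TRIGGERS) ? "'" . $cell : $cell;
}

// Constructed sample cells, including tab- and CR-led values and an empty cell.
$cells = ['=1+1', '+1', '-1', '@A1', "\t=1+1", "\r=1+1", 'plain', ''];

foreach (['legacy' => 'escapeLegacy', 'owasp' => 'escapeOwasp'] as $name => $fn) {
    $escaped = array_map($fn, $cells);
    // Audit the escaped output against the extended list.
    $flagged = array_filter(
        $escaped,
        fn (string $c): bool => startsWithAny($c, OWASP_TRIGGERS)
    );
    printf(
        "%s: %d of %d cells still start with a listed character\n",
        $name,
        count($flagged),
        count($cells)
    );
}
```

Under the tab-prefix policy every escaped cell begins with a tab, which is itself on the extended list, and tab- or CR-led input passes through untouched; the single-quote policy leaves no cell starting with a listed character.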
HEAT SCORE: 33

TWEETS

DATE | TWEET | USER
2021-12-03 03:23:02 | 🚨 NEW: CVE-2021-41270 🚨 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP… https://t.co/bRrlfa0Lc4 https://twitter.com/i/web/status/1466608013654073348 | threatintelctr
2021-12-01 11:42:21 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41270 (symfony)) has been published on https://t.co/V47Uz9CL2R http://www.sesin.at https://www.sesin.at/2021/12/01/cve-2021-41270-symfony/ | WolfgangSesin
2021-12-01 11:41:35 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41270 (symfony)) has been published on https://t.co/T65R8HSAne http://www.sesin.at https://www.sesin.at/2021/12/01/cve-2021-41270-symfony/ | www_sesin_at
2021-12-01 08:20:42 | 🚨 NEW: CVE-2021-41270 🚨 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP… https://t.co/QFuKxPqYOO https://twitter.com/i/web/status/1465958735231299593 | threatintelctr
2021-11-27 21:00:12 | CVE-2021-41270: Prevent CSV Injection via formulas https://t.co/tfHK7Lu9BW #php #symfony https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas?utm_source=Symfony%20Blog%20Feed&utm_medium=feed | nomadphp
2021-11-27 07:10:18 | CVE-2021-41270 https://t.co/z8sjr1rYHJ #HarsiaInfo https://har-sia.info/CVE-2021-41270.html | Har_sia
2021-11-26 14:51:41 | I feel like this isn't a problem as long as the CSV is treated as CSV, so does it really count as a vulnerability? It seems to me that the spreadsheet software that processes CSV as formulas is at fault / “CVE-2021-41270: Prevent CSV Injection… https://t.co/Ayz2ZnV5SH https://twitter.com/i/web/status/1464243803767066629 | ngyuki
2021-11-26 11:00:23 | CVE-2021-41270: Prevent CSV Injection via formulas https://t.co/tfHK7Lu9BW #php #symfony https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas?utm_source=Symfony%20Blog%20Feed&utm_medium=feed | nomadphp
2021-11-26 08:50:27 | CVE-2021-41270 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framewor… https://t.co/GhjuDKxcKm https://twitter.com/i/web/status/1464149450545319936 | eyeTSystems
2021-11-25 23:10:05 | CVE-2021-41270 https://t.co/z8sjr1rYHJ #HarsiaInfo https://har-sia.info/CVE-2021-41270.html | Har_sia
2021-11-25 00:00:11 | CVE-2021-41270 shall henceforth be named Undersized Tackle https://t.co/HU0BDhxDqT https://nvd.nist.gov/vuln/detail/CVE-2021-41270 | vulnonym
2021-11-24 23:30:36 | CVE-2021-41270: Prevent CSV Injection via formulas - https://t.co/8UskWe1Vhh #PHP #PHPNews #WebDev #Symfony https://t.co/6QFRKez9Ma http://phpinthenews.com/11716622/cve-2021-41270-prevent-csv-injection-via-formulas?via=tw | phpinthenews
2021-11-24 22:13:34 | Symfony - CVE-2021-41270: https://t.co/46hffAbQLq https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 | LinInfoSec
2021-11-24 22:02:02 | CVE-2021-41270 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framewo… https://t.co/55EeEZa9f6 https://twitter.com/i/web/status/1463626448946663427 | VulmonFeeds
2021-11-24 21:43:27 | New post from https://t.co/uXvPWJy6tj (CVE-2021-41270) has been published on https://t.co/377QBX1hOM http://www.sesin.at https://www.sesin.at/2021/11/24/cve-2021-41270/ | WolfgangSesin
2021-11-24 21:42:07 | New post from https://t.co/9KYxtdZjkl (CVE-2021-41270) has been published on https://t.co/rd0984ymoO http://www.sesin.at https://www.sesin.at/2021/11/24/cve-2021-41270/ | www_sesin_at
2021-11-24 19:51:27 | CVE-2021-41270 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framewor… https://t.co/FW88W9XuOD https://twitter.com/i/web/status/1463594560496537605 | CVEnew
2021-11-24 19:21:08 | CVE-2021-41270 : Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framew… https://t.co/UFuAkGcP8J https://twitter.com/i/web/status/1463586183875805186 | CVEreport
2021-11-24 19:20:16 | 🚨 NEW: CVE-2021-41270 🚨 Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP… https://t.co/6VxvP6pSy9 https://twitter.com/i/web/status/1463588112156827648 | threatintelctr
2021-11-24 11:20:41 | CVE-2021-41270: Prevent CSV Injection via formulas https://t.co/jkgdWBCVqw https://t.co/gEyzx0rRRN http://dlvr.it/SD5tBk | websagiles
2021-11-24 09:22:27 | CVE-2021-41270: Prevent CSV Injection via formulas https://t.co/FGyrXb60vO #symfony https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas | symfony