CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41270

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and add the prefix to cells starting by `\t`, `\r` as well as `=`, `+`, `-` and `@`.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.3%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2021-41270

Sensiolabs » Symfony » Version: 4.1.0

cpe:2.3:a:sensiolabs:symfony:4.1.0
Sensiolabs » Symfony » Version: 4.1.1

cpe:2.3:a:sensiolabs:symfony:4.1.1
Sensiolabs » Symfony » Version: 4.1.10

cpe:2.3:a:sensiolabs:symfony:4.1.10
Sensiolabs » Symfony » Version: 4.1.11

cpe:2.3:a:sensiolabs:symfony:4.1.11
Sensiolabs » Symfony » Version: 4.1.12

cpe:2.3:a:sensiolabs:symfony:4.1.12
Sensiolabs » Symfony » Version: 4.1.13

cpe:2.3:a:sensiolabs:symfony:4.1.13
Sensiolabs » Symfony » Version: 4.1.2

cpe:2.3:a:sensiolabs:symfony:4.1.2
Sensiolabs » Symfony » Version: 4.1.3

cpe:2.3:a:sensiolabs:symfony:4.1.3
Sensiolabs » Symfony » Version: 4.1.4

cpe:2.3:a:sensiolabs:symfony:4.1.4
Sensiolabs » Symfony » Version: 4.1.5

cpe:2.3:a:sensiolabs:symfony:4.1.5
Sensiolabs » Symfony » Version: 4.1.6

cpe:2.3:a:sensiolabs:symfony:4.1.6
Sensiolabs » Symfony » Version: 4.1.7

cpe:2.3:a:sensiolabs:symfony:4.1.7
Sensiolabs » Symfony » Version: 4.1.8

cpe:2.3:a:sensiolabs:symfony:4.1.8
Sensiolabs » Symfony » Version: 4.1.9

cpe:2.3:a:sensiolabs:symfony:4.1.9
Sensiolabs » Symfony » Version: 4.2.0

cpe:2.3:a:sensiolabs:symfony:4.2.0
Sensiolabs » Symfony » Version: 4.2.1

cpe:2.3:a:sensiolabs:symfony:4.2.1
Sensiolabs » Symfony » Version: 4.2.10

cpe:2.3:a:sensiolabs:symfony:4.2.10
Sensiolabs » Symfony » Version: 4.2.11

cpe:2.3:a:sensiolabs:symfony:4.2.11
Sensiolabs » Symfony » Version: 4.2.12

cpe:2.3:a:sensiolabs:symfony:4.2.12
Sensiolabs » Symfony » Version: 4.2.2

cpe:2.3:a:sensiolabs:symfony:4.2.2
Sensiolabs » Symfony » Version: 4.2.3

cpe:2.3:a:sensiolabs:symfony:4.2.3
Sensiolabs » Symfony » Version: 4.2.4

cpe:2.3:a:sensiolabs:symfony:4.2.4
Sensiolabs » Symfony » Version: 4.2.5

cpe:2.3:a:sensiolabs:symfony:4.2.5
Sensiolabs » Symfony » Version: 4.2.6

cpe:2.3:a:sensiolabs:symfony:4.2.6
Sensiolabs » Symfony » Version: 4.2.7

cpe:2.3:a:sensiolabs:symfony:4.2.7
Sensiolabs » Symfony » Version: 4.2.8

cpe:2.3:a:sensiolabs:symfony:4.2.8
Sensiolabs » Symfony » Version: 4.2.9

cpe:2.3:a:sensiolabs:symfony:4.2.9
Sensiolabs » Symfony » Version: 4.3.0

cpe:2.3:a:sensiolabs:symfony:4.3.0
Sensiolabs » Symfony » Version: 4.3.1

cpe:2.3:a:sensiolabs:symfony:4.3.1
Sensiolabs » Symfony » Version: 4.3.10

cpe:2.3:a:sensiolabs:symfony:4.3.10
Sensiolabs » Symfony » Version: 4.3.11

cpe:2.3:a:sensiolabs:symfony:4.3.11
Sensiolabs » Symfony » Version: 4.3.2

cpe:2.3:a:sensiolabs:symfony:4.3.2
Sensiolabs » Symfony » Version: 4.3.3

cpe:2.3:a:sensiolabs:symfony:4.3.3
Sensiolabs » Symfony » Version: 4.3.4

cpe:2.3:a:sensiolabs:symfony:4.3.4
Sensiolabs » Symfony » Version: 4.3.5

cpe:2.3:a:sensiolabs:symfony:4.3.5
Sensiolabs » Symfony » Version: 4.3.6

cpe:2.3:a:sensiolabs:symfony:4.3.6
Sensiolabs » Symfony » Version: 4.3.7

cpe:2.3:a:sensiolabs:symfony:4.3.7
Sensiolabs » Symfony » Version: 4.3.8

cpe:2.3:a:sensiolabs:symfony:4.3.8
Sensiolabs » Symfony » Version: 4.3.9

cpe:2.3:a:sensiolabs:symfony:4.3.9
Sensiolabs » Symfony » Version: 4.4.0

cpe:2.3:a:sensiolabs:symfony:4.4.0
Sensiolabs » Symfony » Version: 4.4.1

cpe:2.3:a:sensiolabs:symfony:4.4.1
Sensiolabs » Symfony » Version: 4.4.10

cpe:2.3:a:sensiolabs:symfony:4.4.10
Sensiolabs » Symfony » Version: 4.4.11

cpe:2.3:a:sensiolabs:symfony:4.4.11
Sensiolabs » Symfony » Version: 4.4.12

cpe:2.3:a:sensiolabs:symfony:4.4.12
Sensiolabs » Symfony » Version: 4.4.13

cpe:2.3:a:sensiolabs:symfony:4.4.13
Sensiolabs » Symfony » Version: 4.4.14

cpe:2.3:a:sensiolabs:symfony:4.4.14
Sensiolabs » Symfony » Version: 4.4.15

cpe:2.3:a:sensiolabs:symfony:4.4.15
Sensiolabs » Symfony » Version: 4.4.16

cpe:2.3:a:sensiolabs:symfony:4.4.16
Sensiolabs » Symfony » Version: 4.4.17

cpe:2.3:a:sensiolabs:symfony:4.4.17
Sensiolabs » Symfony » Version: 4.4.18

cpe:2.3:a:sensiolabs:symfony:4.4.18
Sensiolabs » Symfony » Version: 4.4.19

cpe:2.3:a:sensiolabs:symfony:4.4.19
Sensiolabs » Symfony » Version: 4.4.2

cpe:2.3:a:sensiolabs:symfony:4.4.2
Sensiolabs » Symfony » Version: 4.4.20

cpe:2.3:a:sensiolabs:symfony:4.4.20
Sensiolabs » Symfony » Version: 4.4.21

cpe:2.3:a:sensiolabs:symfony:4.4.21
Sensiolabs » Symfony » Version: 4.4.22

cpe:2.3:a:sensiolabs:symfony:4.4.22
Sensiolabs » Symfony » Version: 4.4.23

cpe:2.3:a:sensiolabs:symfony:4.4.23
Sensiolabs » Symfony » Version: 4.4.24

cpe:2.3:a:sensiolabs:symfony:4.4.24
Sensiolabs » Symfony » Version: 4.4.25

cpe:2.3:a:sensiolabs:symfony:4.4.25
Sensiolabs » Symfony » Version: 4.4.26

cpe:2.3:a:sensiolabs:symfony:4.4.26
Sensiolabs » Symfony » Version: 4.4.27

cpe:2.3:a:sensiolabs:symfony:4.4.27
Sensiolabs » Symfony » Version: 4.4.28

cpe:2.3:a:sensiolabs:symfony:4.4.28
Sensiolabs » Symfony » Version: 4.4.29

cpe:2.3:a:sensiolabs:symfony:4.4.29
Sensiolabs » Symfony » Version: 4.4.3

cpe:2.3:a:sensiolabs:symfony:4.4.3
Sensiolabs » Symfony » Version: 4.4.30

cpe:2.3:a:sensiolabs:symfony:4.4.30
Sensiolabs » Symfony » Version: 4.4.31

cpe:2.3:a:sensiolabs:symfony:4.4.31
Sensiolabs » Symfony » Version: 4.4.32

cpe:2.3:a:sensiolabs:symfony:4.4.32
Sensiolabs » Symfony » Version: 4.4.33

cpe:2.3:a:sensiolabs:symfony:4.4.33
Sensiolabs » Symfony » Version: 4.4.34

cpe:2.3:a:sensiolabs:symfony:4.4.34
Sensiolabs » Symfony » Version: 4.4.4

cpe:2.3:a:sensiolabs:symfony:4.4.4
Sensiolabs » Symfony » Version: 4.4.5

cpe:2.3:a:sensiolabs:symfony:4.4.5
Sensiolabs » Symfony » Version: 4.4.6

cpe:2.3:a:sensiolabs:symfony:4.4.6
Sensiolabs » Symfony » Version: 4.4.7

cpe:2.3:a:sensiolabs:symfony:4.4.7
Sensiolabs » Symfony » Version: 4.4.8

cpe:2.3:a:sensiolabs:symfony:4.4.8
Sensiolabs » Symfony » Version: 4.4.9

cpe:2.3:a:sensiolabs:symfony:4.4.9
Sensiolabs » Symfony » Version: 5.0.0

cpe:2.3:a:sensiolabs:symfony:5.0.0
Sensiolabs » Symfony » Version: 5.0.1

cpe:2.3:a:sensiolabs:symfony:5.0.1
Sensiolabs » Symfony » Version: 5.0.10

cpe:2.3:a:sensiolabs:symfony:5.0.10
Sensiolabs » Symfony » Version: 5.0.11

cpe:2.3:a:sensiolabs:symfony:5.0.11
Sensiolabs » Symfony » Version: 5.0.2

cpe:2.3:a:sensiolabs:symfony:5.0.2
Sensiolabs » Symfony » Version: 5.0.3

cpe:2.3:a:sensiolabs:symfony:5.0.3
Sensiolabs » Symfony » Version: 5.0.4

cpe:2.3:a:sensiolabs:symfony:5.0.4
Sensiolabs » Symfony » Version: 5.0.5

cpe:2.3:a:sensiolabs:symfony:5.0.5
Sensiolabs » Symfony » Version: 5.0.6

cpe:2.3:a:sensiolabs:symfony:5.0.6
Sensiolabs » Symfony » Version: 5.0.7

cpe:2.3:a:sensiolabs:symfony:5.0.7
Sensiolabs » Symfony » Version: 5.0.8

cpe:2.3:a:sensiolabs:symfony:5.0.8
Sensiolabs » Symfony » Version: 5.0.9

cpe:2.3:a:sensiolabs:symfony:5.0.9
Sensiolabs » Symfony » Version: 5.1.0

cpe:2.3:a:sensiolabs:symfony:5.1.0
Sensiolabs » Symfony » Version: 5.1.1

cpe:2.3:a:sensiolabs:symfony:5.1.1
Sensiolabs » Symfony » Version: 5.1.10

cpe:2.3:a:sensiolabs:symfony:5.1.10
Sensiolabs » Symfony » Version: 5.1.11

cpe:2.3:a:sensiolabs:symfony:5.1.11
Sensiolabs » Symfony » Version: 5.1.2

cpe:2.3:a:sensiolabs:symfony:5.1.2
Sensiolabs » Symfony » Version: 5.1.3

cpe:2.3:a:sensiolabs:symfony:5.1.3
Sensiolabs » Symfony » Version: 5.1.4

cpe:2.3:a:sensiolabs:symfony:5.1.4
Sensiolabs » Symfony » Version: 5.1.5

cpe:2.3:a:sensiolabs:symfony:5.1.5
Sensiolabs » Symfony » Version: 5.1.6

cpe:2.3:a:sensiolabs:symfony:5.1.6
Sensiolabs » Symfony » Version: 5.1.7

cpe:2.3:a:sensiolabs:symfony:5.1.7
Sensiolabs » Symfony » Version: 5.1.8

cpe:2.3:a:sensiolabs:symfony:5.1.8
Sensiolabs » Symfony » Version: 5.1.9

cpe:2.3:a:sensiolabs:symfony:5.1.9
Sensiolabs » Symfony » Version: 5.2.0

cpe:2.3:a:sensiolabs:symfony:5.2.0
Sensiolabs » Symfony » Version: 5.2.1

cpe:2.3:a:sensiolabs:symfony:5.2.1
Sensiolabs » Symfony » Version: 5.2.2

cpe:2.3:a:sensiolabs:symfony:5.2.2
Sensiolabs » Symfony » Version: 5.2.3

cpe:2.3:a:sensiolabs:symfony:5.2.3
Sensiolabs » Symfony » Version: 5.2.4

cpe:2.3:a:sensiolabs:symfony:5.2.4
Sensiolabs » Symfony » Version: 5.2.5

cpe:2.3:a:sensiolabs:symfony:5.2.5
Sensiolabs » Symfony » Version: 5.2.6

cpe:2.3:a:sensiolabs:symfony:5.2.6
Sensiolabs » Symfony » Version: 5.2.7

cpe:2.3:a:sensiolabs:symfony:5.2.7
Sensiolabs » Symfony » Version: 5.2.8

cpe:2.3:a:sensiolabs:symfony:5.2.8
Sensiolabs » Symfony » Version: 5.2.9

cpe:2.3:a:sensiolabs:symfony:5.2.9
Sensiolabs » Symfony » Version: 5.3.0

cpe:2.3:a:sensiolabs:symfony:5.3.0
Sensiolabs » Symfony » Version: 5.3.1

cpe:2.3:a:sensiolabs:symfony:5.3.1
Sensiolabs » Symfony » Version: 5.3.10

cpe:2.3:a:sensiolabs:symfony:5.3.10
Sensiolabs » Symfony » Version: 5.3.11

cpe:2.3:a:sensiolabs:symfony:5.3.11
Sensiolabs » Symfony » Version: 5.3.2

cpe:2.3:a:sensiolabs:symfony:5.3.2
Sensiolabs » Symfony » Version: 5.3.3

cpe:2.3:a:sensiolabs:symfony:5.3.3
Sensiolabs » Symfony » Version: 5.3.4

cpe:2.3:a:sensiolabs:symfony:5.3.4
Sensiolabs » Symfony » Version: 5.3.5

cpe:2.3:a:sensiolabs:symfony:5.3.5
Sensiolabs » Symfony » Version: 5.3.6

cpe:2.3:a:sensiolabs:symfony:5.3.6
Sensiolabs » Symfony » Version: 5.3.7

cpe:2.3:a:sensiolabs:symfony:5.3.7
Sensiolabs » Symfony » Version: 5.3.8

cpe:2.3:a:sensiolabs:symfony:5.3.8
Sensiolabs » Symfony » Version: 5.3.9

cpe:2.3:a:sensiolabs:symfony:5.3.9
Fedoraproject » Fedora » Version: 34

cpe:2.3:o:fedoraproject:fedora:34
Fedoraproject » Fedora » Version: 35

cpe:2.3:o:fedoraproject:fedora:35

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41270

Products

Pricing

Contact Us