Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/validator@2.0.6
Type composer
Namespace symfony
Name validator
Version 2.0.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.4.43
Latest_non_vulnerable_version 7.1.4
Affected_by_vulnerabilities
0
url VCID-9djx-a3ef-5fgy
vulnerability_id VCID-9djx-a3ef-5fgy
summary
symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean "No Entities"). In addition, libxml2's innate defense against the related Exponential or Billion Laughs XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.

Consider this (non-fatal) example:
```
<?xml version="1.0"?>
<!DOCTYPE data [<!ENTITY a
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">]>
<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>
```
Increase the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.

...

This can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities. "

If you cannot upgrade to the latest Symfony version, you can also apply this [patch](https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff).
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/2012-08-28.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/2012-08-28.yaml
1
reference_url https://github.com/symfony/validator
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/validator
2
reference_url https://github.com/symfony/validator/commit/b5a30be97ac47181fa5c420bc70a924dff71a5c0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/validator/commit/b5a30be97ac47181fa5c420bc70a924dff71a5c0
3
reference_url https://symfony.com/blog/security-release-symfony-2-0-17-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-release-symfony-2-0-17-released
4
reference_url https://github.com/advisories/GHSA-4vf2-qfg3-7598
reference_id GHSA-4vf2-qfg3-7598
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vf2-qfg3-7598
fixed_packages
0
url pkg:composer/symfony/validator@2.0.17
purl pkg:composer/symfony/validator@2.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
1
vulnerability VCID-sfzy-423b-j3b4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.0.17
aliases GHSA-4vf2-qfg3-7598
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9djx-a3ef-5fgy
1
url VCID-c8ar-82sr-fqej
vulnerability_id VCID-c8ar-82sr-fqej
summary
Symfony has an incorrect response from Validator when input ends with `\n`
### Description

It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter, with an input ending with `\n`.

### Resolution

Symfony now uses the `D` regex modifier to match the entire input.

The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4.

### Credits

We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.4785
published_at 2026-04-02T12:55:00Z
1
value 0.00246
scoring_system epss
scoring_elements 0.47934
published_at 2026-04-16T12:55:00Z
2
value 0.00246
scoring_system epss
scoring_elements 0.4788
published_at 2026-04-13T12:55:00Z
3
value 0.00246
scoring_system epss
scoring_elements 0.47871
published_at 2026-04-12T12:55:00Z
4
value 0.00246
scoring_system epss
scoring_elements 0.47893
published_at 2026-04-11T12:55:00Z
5
value 0.00246
scoring_system epss
scoring_elements 0.47869
published_at 2026-04-09T12:55:00Z
6
value 0.00246
scoring_system epss
scoring_elements 0.47874
published_at 2026-04-08T12:55:00Z
7
value 0.00246
scoring_system epss
scoring_elements 0.47821
published_at 2026-04-07T12:55:00Z
8
value 0.00246
scoring_system epss
scoring_elements 0.47872
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
9
reference_url https://symfony.com/cve-2024-50343
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50343
10
reference_url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
reference_id GHSA-g3rh-rrhp-jhh9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/validator@5.4.43
purl pkg:composer/symfony/validator@5.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@5.4.43
1
url pkg:composer/symfony/validator@6.4.11
purl pkg:composer/symfony/validator@6.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@6.4.11
2
url pkg:composer/symfony/validator@7.1.4
purl pkg:composer/symfony/validator@7.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@7.1.4
aliases CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ar-82sr-fqej
2
url VCID-sfzy-423b-j3b4
vulnerability_id VCID-sfzy-423b-j3b4
summary
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
When using the Validator component, if `Symfony\Component\Validator\Mapping\Cache\ApcCache` is enabled (or any other cache implementing `Symfony\Component\Validator\Mapping\Cache\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields).

As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4751
reference_id
reference_type
scores
0
value 0.00567
scoring_system epss
scoring_elements 0.68538
published_at 2026-04-16T12:55:00Z
1
value 0.00567
scoring_system epss
scoring_elements 0.68435
published_at 2026-04-01T12:55:00Z
2
value 0.00567
scoring_system epss
scoring_elements 0.68453
published_at 2026-04-02T12:55:00Z
3
value 0.00567
scoring_system epss
scoring_elements 0.68473
published_at 2026-04-04T12:55:00Z
4
value 0.00567
scoring_system epss
scoring_elements 0.68449
published_at 2026-04-07T12:55:00Z
5
value 0.00567
scoring_system epss
scoring_elements 0.68499
published_at 2026-04-08T12:55:00Z
6
value 0.00567
scoring_system epss
scoring_elements 0.68516
published_at 2026-04-09T12:55:00Z
7
value 0.00567
scoring_system epss
scoring_elements 0.68542
published_at 2026-04-11T12:55:00Z
8
value 0.00567
scoring_system epss
scoring_elements 0.6853
published_at 2026-04-12T12:55:00Z
9
value 0.00567
scoring_system epss
scoring_elements 0.68498
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4751
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86364
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86364
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml
7
reference_url https://github.com/symfony/validator
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/validator
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4751
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4751
9
reference_url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
10
reference_url https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709
11
reference_url http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
12
reference_url http://www.securityfocus.com/bid/61709
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/61709
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
17
reference_url https://github.com/advisories/GHSA-q8j7-fjh7-25v5
reference_id GHSA-q8j7-fjh7-25v5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q8j7-fjh7-25v5
fixed_packages
0
url pkg:composer/symfony/validator@2.0.24
purl pkg:composer/symfony/validator@2.0.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.0.24
1
url pkg:composer/symfony/validator@2.1.12
purl pkg:composer/symfony/validator@2.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.1.12
2
url pkg:composer/symfony/validator@2.2.5
purl pkg:composer/symfony/validator@2.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.2.5
3
url pkg:composer/symfony/validator@2.3.3
purl pkg:composer/symfony/validator@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.3.3
aliases CVE-2013-4751, GHSA-q8j7-fjh7-25v5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzy-423b-j3b4
3
url VCID-unuf-vj1b-qbhr
vulnerability_id VCID-unuf-vj1b-qbhr
summary
Improper Restriction of XML External Entity Reference
Security fixes related to the way XML is handled in symfony.
references
0
reference_url https://symfony.com/blog/security-release-symfony-2-0-17-released
reference_id
reference_type
scores
url https://symfony.com/blog/security-release-symfony-2-0-17-released
fixed_packages
0
url pkg:composer/symfony/validator@2.0.17
purl pkg:composer/symfony/validator@2.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-c8ar-82sr-fqej
1
vulnerability VCID-sfzy-423b-j3b4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.0.17
aliases 2012-08-28
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unuf-vj1b-qbhr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/validator@2.0.6