Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/http-foundation@2.2.4
Type composer
Namespace symfony
Name http-foundation
Version 2.2.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.4.50
Latest_non_vulnerable_version 7.3.7
Affected_by_vulnerabilities
0
url VCID-2hua-7wbd-tqbx
vulnerability_id VCID-2hua-7wbd-tqbx
summary
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without too many resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.77843
published_at 2026-04-01T12:55:00Z
1
value 0.01086
scoring_system epss
scoring_elements 0.77939
published_at 2026-04-16T12:55:00Z
2
value 0.01086
scoring_system epss
scoring_elements 0.77901
published_at 2026-04-13T12:55:00Z
3
value 0.01086
scoring_system epss
scoring_elements 0.77917
published_at 2026-04-11T12:55:00Z
4
value 0.01086
scoring_system epss
scoring_elements 0.77891
published_at 2026-04-09T12:55:00Z
5
value 0.01086
scoring_system epss
scoring_elements 0.77886
published_at 2026-04-08T12:55:00Z
6
value 0.01086
scoring_system epss
scoring_elements 0.77859
published_at 2026-04-07T12:55:00Z
7
value 0.01086
scoring_system epss
scoring_elements 0.77877
published_at 2026-04-04T12:55:00Z
8
value 0.01086
scoring_system epss
scoring_elements 0.77849
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
22
reference_url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
23
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
26
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11386
27
reference_url https://github.com/advisories/GHSA-r2rq-3h56-fqm4
reference_id GHSA-r2rq-3h56-fqm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2rq-3h56-fqm4
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.7.48
purl pkg:composer/symfony/http-foundation@2.7.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-3uu1-kftu-nbhd
2
vulnerability VCID-9bzz-84cq-ykh2
3
vulnerability VCID-bhfu-7788-fbhc
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.48
1
url pkg:composer/symfony/http-foundation@2.8.41
purl pkg:composer/symfony/http-foundation@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-e71e-d4tr-wqgz
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41
2
url pkg:composer/symfony/http-foundation@3.3.17
purl pkg:composer/symfony/http-foundation@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-3uu1-kftu-nbhd
2
vulnerability VCID-9bzz-84cq-ykh2
3
vulnerability VCID-bhfu-7788-fbhc
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-jdsd-3vnz-uygn
6
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17
3
url pkg:composer/symfony/http-foundation@3.4.11
purl pkg:composer/symfony/http-foundation@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-e71e-d4tr-wqgz
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11
4
url pkg:composer/symfony/http-foundation@4.0.11
purl pkg:composer/symfony/http-foundation@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-e71e-d4tr-wqgz
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11
aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hua-7wbd-tqbx
1
url VCID-6cea-up73-y3hn
vulnerability_id VCID-6cea-up73-y3hn
summary
Improper Authorization
Security issue when parsing the Authorization header.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml
2
reference_url https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904
3
reference_url https://github.com/symfony/symfony/pull/11829
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/11829
4
reference_url https://symfony.com/cve-2014-6061
reference_id CVE-2014-6061
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2014-6061
5
reference_url https://github.com/advisories/GHSA-h7v2-2qwg-h829
reference_id GHSA-h7v2-2qwg-h829
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7v2-2qwg-h829
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.3.19
purl pkg:composer/symfony/http-foundation@2.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19
1
url pkg:composer/symfony/http-foundation@2.4.9
purl pkg:composer/symfony/http-foundation@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9
2
url pkg:composer/symfony/http-foundation@2.5.0-BETA1
purl pkg:composer/symfony/http-foundation@2.5.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1
3
url pkg:composer/symfony/http-foundation@2.5.4
purl pkg:composer/symfony/http-foundation@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4
4
url pkg:composer/symfony/http-foundation@2.5.11
purl pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11
aliases CVE-2014-6061, GHSA-h7v2-2qwg-h829
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cea-up73-y3hn
2
url VCID-9bzz-84cq-ykh2
vulnerability_id VCID-9bzz-84cq-ykh2
summary
Symfony vulnerable to open redirect via browser-sanitized URLs
### Description

The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.

### Resolution

The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/

The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4.

### Credits

We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60271
published_at 2026-04-02T12:55:00Z
1
value 0.00394
scoring_system epss
scoring_elements 0.60359
published_at 2026-04-16T12:55:00Z
2
value 0.00394
scoring_system epss
scoring_elements 0.60318
published_at 2026-04-13T12:55:00Z
3
value 0.00394
scoring_system epss
scoring_elements 0.60337
published_at 2026-04-12T12:55:00Z
4
value 0.00394
scoring_system epss
scoring_elements 0.60351
published_at 2026-04-11T12:55:00Z
5
value 0.00394
scoring_system epss
scoring_elements 0.6033
published_at 2026-04-09T12:55:00Z
6
value 0.00394
scoring_system epss
scoring_elements 0.60316
published_at 2026-04-08T12:55:00Z
7
value 0.00394
scoring_system epss
scoring_elements 0.60266
published_at 2026-04-07T12:55:00Z
8
value 0.00394
scoring_system epss
scoring_elements 0.60297
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
9
reference_url https://symfony.com/cve-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50345
10
reference_url https://url.spec.whatwg.org
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://url.spec.whatwg.org
11
reference_url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/http-foundation@5.4.46
purl pkg:composer/symfony/http-foundation@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.46
1
url pkg:composer/symfony/http-foundation@6.4.14
purl pkg:composer/symfony/http-foundation@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.14
2
url pkg:composer/symfony/http-foundation@7.1.7
purl pkg:composer/symfony/http-foundation@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.1.7
3
url pkg:composer/symfony/http-foundation@7.2.0-BETA1
purl pkg:composer/symfony/http-foundation@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.2.0-BETA1
aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bzz-84cq-ykh2
3
url VCID-bhfu-7788-fbhc
vulnerability_id VCID-bhfu-7788-fbhc
summary
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.94921
published_at 2026-04-09T12:55:00Z
1
value 0.16652
scoring_system epss
scoring_elements 0.94938
published_at 2026-04-16T12:55:00Z
2
value 0.16652
scoring_system epss
scoring_elements 0.9493
published_at 2026-04-13T12:55:00Z
3
value 0.16652
scoring_system epss
scoring_elements 0.94928
published_at 2026-04-12T12:55:00Z
4
value 0.16652
scoring_system epss
scoring_elements 0.94926
published_at 2026-04-11T12:55:00Z
5
value 0.16652
scoring_system epss
scoring_elements 0.94895
published_at 2026-04-01T12:55:00Z
6
value 0.16652
scoring_system epss
scoring_elements 0.94904
published_at 2026-04-02T12:55:00Z
7
value 0.16652
scoring_system epss
scoring_elements 0.94906
published_at 2026-04-04T12:55:00Z
8
value 0.16652
scoring_system epss
scoring_elements 0.94908
published_at 2026-04-07T12:55:00Z
9
value 0.16652
scoring_system epss
scoring_elements 0.94917
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
11
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
12
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
14
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
15
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
16
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
17
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
18
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
19
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
20
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
21
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.7.49
purl pkg:composer/symfony/http-foundation@2.7.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49
1
url pkg:composer/symfony/http-foundation@2.8.44
purl pkg:composer/symfony/http-foundation@2.8.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-e71e-d4tr-wqgz
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44
2
url pkg:composer/symfony/http-foundation@3.3.18
purl pkg:composer/symfony/http-foundation@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-e71e-d4tr-wqgz
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18
3
url pkg:composer/symfony/http-foundation@3.4.14
purl pkg:composer/symfony/http-foundation@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-e71e-d4tr-wqgz
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14
4
url pkg:composer/symfony/http-foundation@4.0.14
purl pkg:composer/symfony/http-foundation@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-e71e-d4tr-wqgz
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14
5
url pkg:composer/symfony/http-foundation@4.1.3
purl pkg:composer/symfony/http-foundation@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3uu1-kftu-nbhd
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-e71e-d4tr-wqgz
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfu-7788-fbhc
4
url VCID-jdsd-3vnz-uygn
vulnerability_id VCID-jdsd-3vnz-uygn
summary
Argument injection in a MimeTypeGuesser in Symfony
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.84766
published_at 2026-04-13T12:55:00Z
1
value 0.0231
scoring_system epss
scoring_elements 0.84787
published_at 2026-04-16T12:55:00Z
2
value 0.0231
scoring_system epss
scoring_elements 0.84693
published_at 2026-04-01T12:55:00Z
3
value 0.0231
scoring_system epss
scoring_elements 0.84708
published_at 2026-04-02T12:55:00Z
4
value 0.0231
scoring_system epss
scoring_elements 0.84728
published_at 2026-04-04T12:55:00Z
5
value 0.0231
scoring_system epss
scoring_elements 0.84729
published_at 2026-04-07T12:55:00Z
6
value 0.0231
scoring_system epss
scoring_elements 0.84751
published_at 2026-04-08T12:55:00Z
7
value 0.0231
scoring_system epss
scoring_elements 0.84758
published_at 2026-04-09T12:55:00Z
8
value 0.0231
scoring_system epss
scoring_elements 0.84776
published_at 2026-04-11T12:55:00Z
9
value 0.0231
scoring_system epss
scoring_elements 0.84772
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
6
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
20
reference_url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
21
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
22
reference_url https://symfony.com/cve-2019-18888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18888
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
26
reference_url https://github.com/advisories/GHSA-xhh6-956q-4q69
reference_id GHSA-xhh6-956q-4q69
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhh6-956q-4q69
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.52
purl pkg:composer/symfony/http-foundation@2.8.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9bzz-84cq-ykh2
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52
1
url pkg:composer/symfony/http-foundation@3.4.35
purl pkg:composer/symfony/http-foundation@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9bzz-84cq-ykh2
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35
2
url pkg:composer/symfony/http-foundation@4.2.12
purl pkg:composer/symfony/http-foundation@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9bzz-84cq-ykh2
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12
3
url pkg:composer/symfony/http-foundation@4.3.8
purl pkg:composer/symfony/http-foundation@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9bzz-84cq-ykh2
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8
aliases CVE-2019-18888, GHSA-xhh6-956q-4q69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsd-3vnz-uygn
5
url VCID-p1dw-w76f-gbfv
vulnerability_id VCID-p1dw-w76f-gbfv
summary
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14662
published_at 2026-04-02T12:55:00Z
1
value 0.01842
scoring_system epss
scoring_elements 0.82999
published_at 2026-04-16T12:55:00Z
2
value 0.0197
scoring_system epss
scoring_elements 0.83544
published_at 2026-04-11T12:55:00Z
3
value 0.0197
scoring_system epss
scoring_elements 0.83538
published_at 2026-04-12T12:55:00Z
4
value 0.02482
scoring_system epss
scoring_elements 0.85295
published_at 2026-04-13T12:55:00Z
5
value 0.03928
scoring_system epss
scoring_elements 0.88321
published_at 2026-04-09T12:55:00Z
6
value 0.03928
scoring_system epss
scoring_elements 0.88316
published_at 2026-04-08T12:55:00Z
7
value 0.03928
scoring_system epss
scoring_elements 0.88296
published_at 2026-04-07T12:55:00Z
8
value 0.03928
scoring_system epss
scoring_elements 0.88291
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
5
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
8
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/http-foundation@5.4.50
purl pkg:composer/symfony/http-foundation@5.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.50
1
url pkg:composer/symfony/http-foundation@6.4.29
purl pkg:composer/symfony/http-foundation@6.4.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.29
2
url pkg:composer/symfony/http-foundation@7.3.7
purl pkg:composer/symfony/http-foundation@7.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.3.7
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-w76f-gbfv
6
url VCID-qty4-cyfa-rugw
vulnerability_id VCID-qty4-cyfa-rugw
summary
Uncontrolled Resource Consumption
Denial of service with a malicious HTTP Host header.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml
2
reference_url https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8
3
reference_url https://github.com/symfony/symfony/pull/11828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/11828
4
reference_url https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header
5
reference_url https://symfony.com/cve-2014-5244
reference_id CVE-2014-5244
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2014-5244
6
reference_url https://github.com/advisories/GHSA-v77v-x634-9m56
reference_id GHSA-v77v-x634-9m56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v77v-x634-9m56
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.3.19
purl pkg:composer/symfony/http-foundation@2.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19
1
url pkg:composer/symfony/http-foundation@2.4.9
purl pkg:composer/symfony/http-foundation@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9
2
url pkg:composer/symfony/http-foundation@2.5.0-BETA1
purl pkg:composer/symfony/http-foundation@2.5.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1
3
url pkg:composer/symfony/http-foundation@2.5.4
purl pkg:composer/symfony/http-foundation@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
5
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4
4
url pkg:composer/symfony/http-foundation@2.5.11
purl pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11
aliases CVE-2014-5244, GHSA-v77v-x634-9m56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qty4-cyfa-rugw
7
url VCID-rztj-ug83-dyga
vulnerability_id VCID-rztj-ug83-dyga
summary
Information Exposure
`Request::getHost()` poisoning vulnerability in Symfony.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4752
reference_id
reference_type
scores
0
value 0.00928
scoring_system epss
scoring_elements 0.76091
published_at 2026-04-11T12:55:00Z
1
value 0.00928
scoring_system epss
scoring_elements 0.76066
published_at 2026-04-09T12:55:00Z
2
value 0.00928
scoring_system epss
scoring_elements 0.76051
published_at 2026-04-08T12:55:00Z
3
value 0.00928
scoring_system epss
scoring_elements 0.76018
published_at 2026-04-07T12:55:00Z
4
value 0.00928
scoring_system epss
scoring_elements 0.76039
published_at 2026-04-04T12:55:00Z
5
value 0.00928
scoring_system epss
scoring_elements 0.76007
published_at 2026-04-02T12:55:00Z
6
value 0.00928
scoring_system epss
scoring_elements 0.76003
published_at 2026-04-01T12:55:00Z
7
value 0.00928
scoring_system epss
scoring_elements 0.76064
published_at 2026-04-13T12:55:00Z
8
value 0.00928
scoring_system epss
scoring_elements 0.76105
published_at 2026-04-16T12:55:00Z
9
value 0.00928
scoring_system epss
scoring_elements 0.76067
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4752
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
11
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
12
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
13
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
14
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml
15
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml
16
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4752
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4752
18
reference_url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
19
reference_url https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715
20
reference_url http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
21
reference_url https://github.com/advisories/GHSA-22pv-7v9j-hqxp
reference_id GHSA-22pv-7v9j-hqxp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22pv-7v9j-hqxp
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.2.5
purl pkg:composer/symfony/http-foundation@2.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-6cea-up73-y3hn
2
vulnerability VCID-9bzz-84cq-ykh2
3
vulnerability VCID-bhfu-7788-fbhc
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
6
vulnerability VCID-qty4-cyfa-rugw
7
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.5
1
url pkg:composer/symfony/http-foundation@2.3.3
purl pkg:composer/symfony/http-foundation@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-6cea-up73-y3hn
2
vulnerability VCID-9bzz-84cq-ykh2
3
vulnerability VCID-bhfu-7788-fbhc
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
6
vulnerability VCID-qty4-cyfa-rugw
7
vulnerability VCID-wwhm-mrr3-v7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.3
aliases CVE-2013-4752, GHSA-22pv-7v9j-hqxp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rztj-ug83-dyga
8
url VCID-wwhm-mrr3-v7h3
vulnerability_id VCID-wwhm-mrr3-v7h3
summary
Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
3
reference_url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
4
reference_url https://github.com/symfony/symfony/pull/14166
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/14166
5
reference_url https://symfony.com/cve-2015-2309
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2015-2309
6
reference_url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
7
reference_url https://github.com/advisories/GHSA-p684-f7fh-jv2j
reference_id GHSA-p684-f7fh-jv2j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p684-f7fh-jv2j
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.3.27
purl pkg:composer/symfony/http-foundation@2.3.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27
1
url pkg:composer/symfony/http-foundation@2.3.29
purl pkg:composer/symfony/http-foundation@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-6cea-up73-y3hn
2
vulnerability VCID-9bzz-84cq-ykh2
3
vulnerability VCID-bhfu-7788-fbhc
4
vulnerability VCID-jdsd-3vnz-uygn
5
vulnerability VCID-p1dw-w76f-gbfv
6
vulnerability VCID-qty4-cyfa-rugw
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.29
2
url pkg:composer/symfony/http-foundation@2.5.11
purl pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11
3
url pkg:composer/symfony/http-foundation@2.6.6
purl pkg:composer/symfony/http-foundation@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6
4
url pkg:composer/symfony/http-foundation@2.6.8
purl pkg:composer/symfony/http-foundation@2.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8
aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.4