Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/http-kernel@3.2.13
Typecomposer
Namespacesymfony
Namehttp-kernel
Version3.2.13
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.4.50
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-91hk-tdtv-x7fp
vulnerability_id VCID-91hk-tdtv-x7fp
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39683
published_at 2026-06-05T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39597
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
4
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
6
reference_url https://symfony.com/cve-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-24894
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
9
reference_url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/http-kernel@4.4.50
purl pkg:composer/symfony/http-kernel@4.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@4.4.50
1
url pkg:composer/symfony/http-kernel@5.0.0-BETA1
purl pkg:composer/symfony/http-kernel@5.0.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.0.0-BETA1
2
url pkg:composer/symfony/http-kernel@5.4.20
purl pkg:composer/symfony/http-kernel@5.4.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.4.20
3
url pkg:composer/symfony/http-kernel@6.0.0-BETA1
purl pkg:composer/symfony/http-kernel@6.0.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.0.0-BETA1
4
url pkg:composer/symfony/http-kernel@6.0.20
purl pkg:composer/symfony/http-kernel@6.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.0.20
5
url pkg:composer/symfony/http-kernel@6.1.0-BETA1
purl pkg:composer/symfony/http-kernel@6.1.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.1.0-BETA1
6
url pkg:composer/symfony/http-kernel@6.1.12
purl pkg:composer/symfony/http-kernel@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.1.12
7
url pkg:composer/symfony/http-kernel@6.2.0-BETA1
purl pkg:composer/symfony/http-kernel@6.2.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.2.0-BETA1
8
url pkg:composer/symfony/http-kernel@6.2.6
purl pkg:composer/symfony/http-kernel@6.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.2.6
aliases CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp
1
url VCID-jqh6-rwsw-73bs
vulnerability_id VCID-jqh6-rwsw-73bs
summary 
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The UriSigner was subjectto timing attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74617
published_at 2026-06-04T12:55:00Z
1
value 0.00813
scoring_system epss
scoring_elements 0.74649
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
5
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
19
reference_url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
20
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
21
reference_url https://symfony.com/cve-2019-18887
reference_id CVE-2019-18887
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18887
22
reference_url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
reference_id GHSA-q8hg-pf8v-cxrv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
fixed_packages
0
url pkg:composer/symfony/http-kernel@3.4.35
purl pkg:composer/symfony/http-kernel@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@3.4.35
1
url pkg:composer/symfony/http-kernel@4.2.12
purl pkg:composer/symfony/http-kernel@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@4.2.12
2
url pkg:composer/symfony/http-kernel@4.3.8
purl pkg:composer/symfony/http-kernel@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@4.3.8
aliases CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs
2
url VCID-p6f7-utd6-eqej
vulnerability_id VCID-p6f7-utd6-eqej
summary 
Information Exposure
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56852
published_at 2026-06-05T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56801
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
8
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
9
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
19
reference_url https://symfony.com/cve-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-21424
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
reference_id CVE-2021-21424
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
21
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
reference_id GHSA-5pv8-ppvj-4h68
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
22
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/http-kernel@3.4.48
purl pkg:composer/symfony/http-kernel@3.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@3.4.48
1
url pkg:composer/symfony/http-kernel@4.4.23
purl pkg:composer/symfony/http-kernel@4.4.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@4.4.23
2
url pkg:composer/symfony/http-kernel@5.2.8
purl pkg:composer/symfony/http-kernel@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-gjcx-wmhp-fqef
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.2.8
aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej
Fixing_vulnerabilities
0
url VCID-hs5u-r1jg-tub5
vulnerability_id VCID-hs5u-r1jg-tub5
summary 
Improper Access Control
Direct access of ESI URLs behind a trusted proxy.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml
2
reference_url https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5
3
reference_url https://github.com/symfony/symfony/pull/11831
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/11831
4
reference_url https://symfony.com/cve-2014-5245
reference_id CVE-2014-5245
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2014-5245
5
reference_url https://github.com/advisories/GHSA-wvjv-p5rr-mmqm
reference_id GHSA-wvjv-p5rr-mmqm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wvjv-p5rr-mmqm
fixed_packages
0
url pkg:composer/symfony/http-kernel@2.3.19
purl pkg:composer/symfony/http-kernel@2.3.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-mtb5-t6y4-w3eb
3
vulnerability VCID-wdz4-hfer-1ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.3.19
1
url pkg:composer/symfony/http-kernel@2.4.9
purl pkg:composer/symfony/http-kernel@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-mtb5-t6y4-w3eb
3
vulnerability VCID-wdz4-hfer-1ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.4.9
2
url pkg:composer/symfony/http-kernel@2.5.0-BETA1
purl pkg:composer/symfony/http-kernel@2.5.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-mtb5-t6y4-w3eb
3
vulnerability VCID-wdz4-hfer-1ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.5.0-BETA1
3
url pkg:composer/symfony/http-kernel@2.5.4
purl pkg:composer/symfony/http-kernel@2.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-mtb5-t6y4-w3eb
3
vulnerability VCID-wdz4-hfer-1ud1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.5.4
4
url pkg:composer/symfony/http-kernel@3.2.13
purl pkg:composer/symfony/http-kernel@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91hk-tdtv-x7fp
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@3.2.13
aliases CVE-2014-5245, GHSA-wvjv-p5rr-mmqm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5u-r1jg-tub5
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@3.2.13