| 0 |
| url |
VCID-23wm-y6hh-hfd3 |
| vulnerability_id |
VCID-23wm-y6hh-hfd3 |
| summary |
Routes behind a firewall are accessible even when not logged in
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6431 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44628 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.4467 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44616 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44537 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44644 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44615 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44636 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44574 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44626 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6431 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.19 |
| purl |
pkg:composer/symfony/symfony@2.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 16 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 17 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 18 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 24 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 25 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 26 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 27 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 28 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 29 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19 |
|
|
| aliases |
CVE-2012-6431, GHSA-83c3-qx27-2rwr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-23wm-y6hh-hfd3 |
|
| 1 |
| url |
VCID-2hua-7wbd-tqbx |
| vulnerability_id |
VCID-2hua-7wbd-tqbx |
| summary |
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11386 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77843 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77939 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77901 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77891 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77886 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77859 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77877 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77849 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11386 |
|
| 21 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11386 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11386 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 10 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 11 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11386, GHSA-r2rq-3h56-fqm4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2hua-7wbd-tqbx |
|
| 2 |
| url |
VCID-446x-j2gr-f3a2 |
| vulnerability_id |
VCID-446x-j2gr-f3a2 |
| summary |
Symfony2 security issue when the trust proxy mode is enabled
An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.
To fix this security issue, the following changes have been made to all versions of Symfony2:
A new Request::setTrustedProxies() method has been introduced and should be used instead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:
```
// before (probably in your front controller script)
Request::trustProxyData();
// after
Request::setTrustedProxies(array('1.1.1.1'));
// 1.1.1.1 being the IP address of a trusted reverse proxy
```
The Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):
```
Request::trustProxyData();
// is equivalent to
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));
```
We encourage all Symfony2 users to upgrade as soon as possible. If you don't want to upgrade to the latest version yet, you can also apply the following patches:
- [Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19
- [Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4 |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.19 |
| purl |
pkg:composer/symfony/symfony@2.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 16 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 17 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 18 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 24 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 25 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 26 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 27 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 28 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 29 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.4 |
| purl |
pkg:composer/symfony/symfony@2.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 23 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 24 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4 |
|
|
| aliases |
GHSA-vfm6-r2gc-pwww
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-446x-j2gr-f3a2 |
|
| 3 |
| url |
VCID-556v-rym3-6yax |
| vulnerability_id |
VCID-556v-rym3-6yax |
| summary |
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11406 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40045 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40211 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40162 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.4018 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40206 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40195 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40141 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40218 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40194 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11406 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11406 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11406 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 10 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 11 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11406, GHSA-g4g7-q726-v5hg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-556v-rym3-6yax |
|
| 4 |
| url |
VCID-6cea-up73-y3hn |
| vulnerability_id |
VCID-6cea-up73-y3hn |
| summary |
Improper Authorization
Security issue when parsing the Authorization header. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.19 |
| purl |
pkg:composer/symfony/symfony@2.3.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.9 |
| purl |
pkg:composer/symfony/symfony@2.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.5.4 |
| purl |
pkg:composer/symfony/symfony@2.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4 |
|
|
| aliases |
CVE-2014-6061, GHSA-h7v2-2qwg-h829
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6cea-up73-y3hn |
|
| 5 |
| url |
VCID-6z5x-uwjt-uueq |
| vulnerability_id |
VCID-6z5x-uwjt-uueq |
| summary |
Cross-Site Request Forgery (CSRF)
CSRF vulnerability in the Web Profiler. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.19 |
| purl |
pkg:composer/symfony/symfony@2.3.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.9 |
| purl |
pkg:composer/symfony/symfony@2.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.5.4 |
| purl |
pkg:composer/symfony/symfony@2.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4 |
|
|
| aliases |
CVE-2014-6072, GHSA-v35g-4rrw-h4fw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6z5x-uwjt-uueq |
|
| 6 |
| url |
VCID-71vh-7wte-kfcx |
| vulnerability_id |
VCID-71vh-7wte-kfcx |
| summary |
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75683 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75745 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75707 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75713 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75732 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75708 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75697 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75663 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.7565 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75652 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11385 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11385 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 10 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 11 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11385, GHSA-g4rg-rw65-8hfg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-71vh-7wte-kfcx |
|
| 7 |
| url |
VCID-742s-vczp-tuh1 |
| vulnerability_id |
VCID-742s-vczp-tuh1 |
| summary |
Improper Privilege Management
Vulnerability in the `EntityUserProvider` as provided in the Doctrine bridge. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.6 |
| purl |
pkg:composer/symfony/symfony@2.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-fgxs-w84s-8kh3 |
|
| 16 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 19 |
| vulnerability |
VCID-k37h-bhh2-myaj |
|
| 20 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 21 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 22 |
| vulnerability |
VCID-neyj-8fkw-fyb7 |
|
| 23 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 24 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 25 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 26 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 27 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 28 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 29 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 30 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 31 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 32 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 33 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 34 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 35 |
| vulnerability |
VCID-unuf-vj1b-qbhr |
|
| 36 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 37 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6 |
|
|
| aliases |
2011-11-16
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-742s-vczp-tuh1 |
|
| 8 |
| url |
VCID-7ms4-3hc6-8bgv |
| vulnerability_id |
VCID-7ms4-3hc6-8bgv |
| summary |
Symfony may allow a user to switch to using another user's identity
Symfony 2.0.6 has just been released. It addresses a security vulnerability in the EntityUserProvider as provided in the Doctrine bridge.
If you let your users update their login/username from a form, and if you are using Doctrine as a user provider, then you are vulnerable and you should upgrade as soon as possible.
The issue is that it is possible for a user to switch to another user's account. Here is how to reproduce it: The current user changes their username via a form to another existing username. When the form is submitted, they will get a validation error (as the username already exists), but the user object in the session will still be modified to the new username. This user from the session will be used for the next requests, and so the user will be switched to this other user.
The fix is to always refresh the user via the primary key (which cannot be updated via a form) instead of the username.
If you cannot upgrade immediately, please apply the following patch: https://github.com/symfony/symfony/commit/9d2ab9ca9c1762 |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.6 |
| purl |
pkg:composer/symfony/symfony@2.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-fgxs-w84s-8kh3 |
|
| 16 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 19 |
| vulnerability |
VCID-k37h-bhh2-myaj |
|
| 20 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 21 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 22 |
| vulnerability |
VCID-neyj-8fkw-fyb7 |
|
| 23 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 24 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 25 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 26 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 27 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 28 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 29 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 30 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 31 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 32 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 33 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 34 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 35 |
| vulnerability |
VCID-unuf-vj1b-qbhr |
|
| 36 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 37 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6 |
|
|
| aliases |
GHSA-7mx2-7q8p-pgmw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ms4-3hc6-8bgv |
|
| 9 |
| url |
VCID-ahhz-bs6u-f3bc |
| vulnerability_id |
VCID-ahhz-bs6u-f3bc |
| summary |
Improper Access Control
Direct access of ESI URLs behind a trusted proxy. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.19 |
| purl |
pkg:composer/symfony/symfony@2.3.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.9 |
| purl |
pkg:composer/symfony/symfony@2.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.5.4 |
| purl |
pkg:composer/symfony/symfony@2.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4 |
|
|
| aliases |
CVE-2014-5245, GHSA-wvjv-p5rr-mmqm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ahhz-bs6u-f3bc |
|
| 10 |
| url |
VCID-bdhj-np35-sybt |
| vulnerability_id |
VCID-bdhj-np35-sybt |
| summary |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83967 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84016 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.8401 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83986 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83982 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84045 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84021 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84025 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84032 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt |
|
| 11 |
| url |
VCID-bhfu-7788-fbhc |
| vulnerability_id |
VCID-bhfu-7788-fbhc |
| summary |
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94921 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94938 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.9493 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94926 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94895 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94904 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94906 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94908 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94917 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.49 |
| purl |
pkg:composer/symfony/symfony@2.7.49 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 7 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 11 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 12 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 13 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 14 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 15 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 16 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 17 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.44 |
| purl |
pkg:composer/symfony/symfony@2.8.44 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 15 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 16 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 17 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 18 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 15 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 16 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 17 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 18 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 8 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 9 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 15 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfu-7788-fbhc |
|
| 12 |
| url |
VCID-bny7-h1nn-bkbc |
| vulnerability_id |
VCID-bny7-h1nn-bkbc |
| summary |
Code Injection
The `Yaml::parse` function in Symfony allows remote attackers to execute arbitrary PHP code via a PHP file. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1348 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.70023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69917 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69929 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69922 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69969 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.7001 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69994 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69981 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1348 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.22 |
| purl |
pkg:composer/symfony/symfony@2.0.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 22 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 23 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 24 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 25 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 26 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22 |
|
|
| aliases |
CVE-2013-1348, GHSA-2r5h-6r7v-5m7c
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bny7-h1nn-bkbc |
|
| 13 |
| url |
VCID-d1kp-7aht-9qa2 |
| vulnerability_id |
VCID-d1kp-7aht-9qa2 |
| summary |
ESI Code Injection
Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. |
| references |
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2308 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67758 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67645 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67679 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.677 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.6768 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67732 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67745 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67769 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67755 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00543 |
| scoring_system |
epss |
| scoring_elements |
0.67721 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2015-2308 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.27 |
| purl |
pkg:composer/symfony/symfony@2.3.27 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.5.11 |
| purl |
pkg:composer/symfony/symfony@2.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.6.6 |
| purl |
pkg:composer/symfony/symfony@2.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6 |
|
|
| aliases |
CVE-2015-2308, GHSA-5c58-w9xc-qcj9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d1kp-7aht-9qa2 |
|
| 14 |
| url |
VCID-fgxs-w84s-8kh3 |
| vulnerability_id |
VCID-fgxs-w84s-8kh3 |
| summary |
Improper Restriction of XML External Entity Reference
XML decoding attack vector through external entities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.11 |
| purl |
pkg:composer/symfony/symfony@2.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 18 |
| vulnerability |
VCID-k37h-bhh2-myaj |
|
| 19 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 22 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 23 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 24 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 25 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 26 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 27 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 28 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 29 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 30 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 31 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 32 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 33 |
| vulnerability |
VCID-unuf-vj1b-qbhr |
|
| 34 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 35 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11 |
|
|
| aliases |
2012-02-24
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fgxs-w84s-8kh3 |
|
| 15 |
| url |
VCID-hzwd-mq3r-qfcb |
| vulnerability_id |
VCID-hzwd-mq3r-qfcb |
| summary |
Uncontrolled Resource Consumption
The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5958 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64701 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64779 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64741 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64663 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64763 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64715 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64743 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64749 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64769 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00474 |
| scoring_system |
epss |
| scoring_elements |
0.64781 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-5958 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.25 |
| purl |
pkg:composer/symfony/symfony@2.0.25 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.25 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.13 |
| purl |
pkg:composer/symfony/symfony@2.1.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.13 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.2.9 |
| purl |
pkg:composer/symfony/symfony@2.2.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 22 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.3.6 |
| purl |
pkg:composer/symfony/symfony@2.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 5 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 8 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 9 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 14 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 15 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 18 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 19 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 20 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 21 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 25 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 26 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 27 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.6 |
|
|
| aliases |
CVE-2013-5958, GHSA-cr49-fx2v-9p57
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hzwd-mq3r-qfcb |
|
| 16 |
| url |
VCID-jdsd-3vnz-uygn |
| vulnerability_id |
VCID-jdsd-3vnz-uygn |
| summary |
Argument injection in a MimeTypeGuesser in Symfony
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84766 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84787 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84693 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84708 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84728 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84729 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84751 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84758 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84776 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84772 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18888 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18888, GHSA-xhh6-956q-4q69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsd-3vnz-uygn |
|
| 17 |
| url |
VCID-jjqk-u4vs-tbba |
| vulnerability_id |
VCID-jjqk-u4vs-tbba |
| summary |
Symfony Arbitrary PHP code Execution
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1397 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.70023 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69917 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69929 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69944 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69922 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69969 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69986 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.7001 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69994 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00619 |
| scoring_system |
epss |
| scoring_elements |
0.69981 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-1397 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.22 |
| purl |
pkg:composer/symfony/symfony@2.0.22 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 22 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 23 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 24 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 25 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 26 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.7 |
| purl |
pkg:composer/symfony/symfony@2.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 22 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 23 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 24 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 25 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 26 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.7 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.2.0-BETA2 |
| purl |
pkg:composer/symfony/symfony@2.2.0-BETA2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0-BETA2 |
|
|
| aliases |
CVE-2013-1397, GHSA-7w53-hfpw-rg3g
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqk-u4vs-tbba |
|
| 18 |
| url |
VCID-k37h-bhh2-myaj |
| vulnerability_id |
VCID-k37h-bhh2-myaj |
| summary |
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean "No Entities"). In addition, libxml2's innate defense against the related Exponential or Billion Laughs XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.
Consider this (non-fatal) example:
<?xml version="1.0"?>
<!DOCTYPE data [<!ENTITY a
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">]>
<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>
Increase the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.
...
This can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.17 |
| purl |
pkg:composer/symfony/symfony@2.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 18 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 23 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 24 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 25 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 26 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 27 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 28 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 29 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 30 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 31 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 32 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 33 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17 |
|
|
| aliases |
GHSA-q2gc-gg3x-7942
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k37h-bhh2-myaj |
|
| 19 |
| url |
VCID-neyj-8fkw-fyb7 |
| vulnerability_id |
VCID-neyj-8fkw-fyb7 |
| summary |
Symfony XML decoding attack vector through external entities
The XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.11 |
| purl |
pkg:composer/symfony/symfony@2.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 18 |
| vulnerability |
VCID-k37h-bhh2-myaj |
|
| 19 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 22 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 23 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 24 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 25 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 26 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 27 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 28 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 29 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 30 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 31 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 32 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 33 |
| vulnerability |
VCID-unuf-vj1b-qbhr |
|
| 34 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 35 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11 |
|
|
| aliases |
GHSA-mmcv-fvq8-r9x3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-neyj-8fkw-fyb7 |
|
| 20 |
| url |
VCID-p1dw-w76f-gbfv |
| vulnerability_id |
VCID-p1dw-w76f-gbfv |
| summary |
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14662 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01842 |
| scoring_system |
epss |
| scoring_elements |
0.82999 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83544 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83538 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02482 |
| scoring_system |
epss |
| scoring_elements |
0.85295 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88291 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-w76f-gbfv |
|
| 21 |
| url |
VCID-qty4-cyfa-rugw |
| vulnerability_id |
VCID-qty4-cyfa-rugw |
| summary |
Uncontrolled Resource Consumption
Denial of service with a malicious HTTP Host header. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.19 |
| purl |
pkg:composer/symfony/symfony@2.3.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.9 |
| purl |
pkg:composer/symfony/symfony@2.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.5.4 |
| purl |
pkg:composer/symfony/symfony@2.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4 |
|
|
| aliases |
CVE-2014-5244, GHSA-v77v-x634-9m56
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qty4-cyfa-rugw |
|
| 22 |
| url |
VCID-rgh3-ef8t-k3ec |
| vulnerability_id |
VCID-rgh3-ef8t-k3ec |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40689 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40678 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40634 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40653 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40688 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.4067 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.4061 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40661 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgh3-ef8t-k3ec |
|
| 23 |
| url |
VCID-rxbg-gmn6-kbeq |
| vulnerability_id |
VCID-rxbg-gmn6-kbeq |
| summary |
Code Injection
Symfony, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a `/_internal` substring. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6432 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.6249 |
| published_at |
2026-04-07T12:55:00Z |
|
| 1 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62583 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62542 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62564 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62575 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62433 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62557 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62491 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62541 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.0043 |
| scoring_system |
epss |
| scoring_elements |
0.62523 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2012-6432 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.20 |
| purl |
pkg:composer/symfony/symfony@2.0.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 16 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 17 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 18 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 24 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.5 |
| purl |
pkg:composer/symfony/symfony@2.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 23 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 24 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 25 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 26 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 27 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.5 |
|
|
| aliases |
CVE-2012-6432, GHSA-89cp-fvcc-hxh7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rxbg-gmn6-kbeq |
|
| 24 |
| url |
VCID-rztj-ug83-dyga |
| vulnerability_id |
VCID-rztj-ug83-dyga |
| summary |
Information Exposure
`Request::getHost()` poisoning vulnerability in Symfony. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4752 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76091 |
| published_at |
2026-04-11T12:55:00Z |
|
| 1 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76066 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76051 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76018 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76039 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76007 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76003 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76064 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76105 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00928 |
| scoring_system |
epss |
| scoring_elements |
0.76067 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4752 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.24 |
| purl |
pkg:composer/symfony/symfony@2.0.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 22 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.12 |
| purl |
pkg:composer/symfony/symfony@2.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 22 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.2.5 |
| purl |
pkg:composer/symfony/symfony@2.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 23 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.3.3 |
| purl |
pkg:composer/symfony/symfony@2.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 5 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 8 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 9 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 14 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 15 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 16 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 23 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 24 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3 |
|
|
| aliases |
CVE-2013-4752, GHSA-22pv-7v9j-hqxp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rztj-ug83-dyga |
|
| 25 |
| url |
VCID-sfzy-423b-j3b4 |
| vulnerability_id |
VCID-sfzy-423b-j3b4 |
| summary |
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
When using the Validator component, if `Symfony\Component\Validator\Mapping\Cache\ApcCache` is enabled (or any other cache implementing `Symfony\Component\Validator\Mapping\Cache\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields).
As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4751 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68538 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68435 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68453 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68473 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68449 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68499 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68516 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68542 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.6853 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68498 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2013-4751 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.24 |
| purl |
pkg:composer/symfony/symfony@2.0.24 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 22 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.12 |
| purl |
pkg:composer/symfony/symfony@2.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 19 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 20 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 21 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 22 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.2.5 |
| purl |
pkg:composer/symfony/symfony@2.2.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 23 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.3.3 |
| purl |
pkg:composer/symfony/symfony@2.3.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 5 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 6 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 7 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 8 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 9 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 13 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 14 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 15 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 16 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 23 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 24 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3 |
|
|
| aliases |
CVE-2013-4751, GHSA-q8j7-fjh7-25v5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzy-423b-j3b4 |
|
| 26 |
| url |
VCID-srrc-wxew-1fc6 |
| vulnerability_id |
VCID-srrc-wxew-1fc6 |
| summary |
Code Injection
Code injection in the way Symfony implements translation caching in FrameworkBundle. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.19 |
| purl |
pkg:composer/symfony/symfony@2.3.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.9 |
| purl |
pkg:composer/symfony/symfony@2.4.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.5.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.5.4 |
| purl |
pkg:composer/symfony/symfony@2.5.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 11 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 22 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4 |
|
|
| aliases |
CVE-2014-4931, GHSA-wfv7-5x33-v22h
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-srrc-wxew-1fc6 |
|
| 27 |
| url |
VCID-thtp-ehsj-t3ej |
| vulnerability_id |
VCID-thtp-ehsj-t3ej |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05621 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05639 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05684 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0569 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05697 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05718 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05691 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05653 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0566 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-thtp-ehsj-t3ej |
|
| 28 |
| url |
VCID-u84h-sr6a-4uc7 |
| vulnerability_id |
VCID-u84h-sr6a-4uc7 |
| summary |
Information Exposure
Request::getClientIp() when the trust proxy mode is enabled. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.19 |
| purl |
pkg:composer/symfony/symfony@2.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 16 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 17 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 18 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 24 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 25 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 26 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 27 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 28 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 29 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.1.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.1.4 |
| purl |
pkg:composer/symfony/symfony@2.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 23 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 24 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4 |
|
|
| aliases |
2012-11-29
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u84h-sr6a-4uc7 |
|
| 29 |
| url |
VCID-unuf-vj1b-qbhr |
| vulnerability_id |
VCID-unuf-vj1b-qbhr |
| summary |
Improper Restriction of XML External Entity Reference
Security fixes related to the way XML is handled in Symfony. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.17 |
| purl |
pkg:composer/symfony/symfony@2.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-23wm-y6hh-hfd3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-446x-j2gr-f3a2 |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 5 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 6 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 9 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 15 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 18 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 23 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 24 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 25 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 26 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 27 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 28 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 29 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 30 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 31 |
| vulnerability |
VCID-u84h-sr6a-4uc7 |
|
| 32 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
| 33 |
| vulnerability |
VCID-xmur-ps51-myfu |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.1.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 21 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1 |
|
|
| aliases |
2012-08-28
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-unuf-vj1b-qbhr |
|
| 30 |
| url |
VCID-wwhm-mrr3-v7h3 |
| vulnerability_id |
VCID-wwhm-mrr3-v7h3 |
| summary |
Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.3.27 |
| purl |
pkg:composer/symfony/symfony@2.3.27 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.4.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.4.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 21 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.0-BETA1 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.5.11 |
| purl |
pkg:composer/symfony/symfony@2.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@2.6.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.6.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@2.6.6 |
| purl |
pkg:composer/symfony/symfony@2.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-5u5z-qzg2-sbhg |
|
| 4 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-ahmf-nthw-ufaq |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-fy39-ys3p-5ucm |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-up7g-6ewp-uya5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6 |
|
|
| aliases |
CVE-2015-2309, GHSA-p684-f7fh-jv2j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3 |
|
| 31 |
| url |
VCID-xmur-ps51-myfu |
| vulnerability_id |
VCID-xmur-ps51-myfu |
| summary |
Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()).
An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.
To fix this security issue, the following changes have been made to all versions of Symfony2:
A new Request::setTrustedProxies() method has been introduced and should be used instead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:
```
// before (probably in your front controller script)
Request::trustProxyData();
```
```
// after
Request::setTrustedProxies(array('1.1.1.1'));
// 1.1.1.1 being the IP address of a trusted reverse proxy
```
The Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):
```
Request::trustProxyData();
```
```
// is equivalent to
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));
```
We encourage all Symfony2 users to upgrade as soon as possible. If you don't want to upgrade to the latest version yet, you can also apply the following patches:
[Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19
[Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4 |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.0.19 |
| purl |
pkg:composer/symfony/symfony@2.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bny7-h1nn-bkbc |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 13 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 16 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 17 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 18 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 24 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 25 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 26 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 27 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 28 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 29 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.1.4 |
| purl |
pkg:composer/symfony/symfony@2.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 1 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 2 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 3 |
| vulnerability |
VCID-6cea-up73-y3hn |
|
| 4 |
| vulnerability |
VCID-6z5x-uwjt-uueq |
|
| 5 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-ahhz-bs6u-f3bc |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-d1kp-7aht-9qa2 |
|
| 12 |
| vulnerability |
VCID-hzwd-mq3r-qfcb |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-jjqk-u4vs-tbba |
|
| 15 |
| vulnerability |
VCID-k8ze-h7fe-fkg2 |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-nsk8-bk5e-tbfh |
|
| 18 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 19 |
| vulnerability |
VCID-qty4-cyfa-rugw |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-rxbg-gmn6-kbeq |
|
| 23 |
| vulnerability |
VCID-rztj-ug83-dyga |
|
| 24 |
| vulnerability |
VCID-sfzy-423b-j3b4 |
|
| 25 |
| vulnerability |
VCID-skth-cf6d-3ubr |
|
| 26 |
| vulnerability |
VCID-srrc-wxew-1fc6 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-wwhm-mrr3-v7h3 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4 |
|
|
| aliases |
GHSA-hx53-jchx-cr52
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xmur-ps51-myfu |
|