| 0 |
| url |
VCID-15tu-dfam-yqgh |
| vulnerability_id |
VCID-15tu-dfam-yqgh |
| summary |
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh |
|
| 1 |
| url |
VCID-37et-21qw-skd7 |
| vulnerability_id |
VCID-37et-21qw-skd7 |
| summary |
Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-18888, GHSA-xhh6-956q-4q69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7 |
|
| 2 |
| url |
VCID-3qct-gbgt-kkbb |
| vulnerability_id |
VCID-3qct-gbgt-kkbb |
| summary |
Cross-site Scripting
The debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op=get` URI. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.33 |
| purl |
pkg:composer/symfony/symfony@2.7.33 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 12 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 13 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 14 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 15 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 16 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 20 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 21 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 22 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 23 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.26 |
| purl |
pkg:composer/symfony/symfony@2.8.26 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 12 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 13 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 14 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 15 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 16 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 19 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 20 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 21 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 22 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 23 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 24 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 25 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 26 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 27 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 28 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.2.13 |
| purl |
pkg:composer/symfony/symfony@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 12 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 13 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 14 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 15 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 18 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 19 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 20 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 21 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 22 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 23 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 24 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 25 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 26 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 27 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 28 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 29 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.3.6 |
| purl |
pkg:composer/symfony/symfony@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 14 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 15 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 16 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 17 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 18 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 19 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 20 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 21 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 22 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 23 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 24 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 25 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 26 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 27 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 28 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 29 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 30 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6 |
|
|
| aliases |
CVE-2017-18343
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3qct-gbgt-kkbb |
|
| 3 |
| url |
VCID-4f9e-eg67-cqbr |
| vulnerability_id |
VCID-4f9e-eg67-cqbr |
| summary |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr |
|
| 4 |
| url |
VCID-5pmg-t1rb-wbd4 |
| vulnerability_id |
VCID-5pmg-t1rb-wbd4 |
| summary |
Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.5.11 |
| purl |
pkg:composer/symfony/symfony@2.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-f39p-q1k7-kfgt |
|
| 10 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mtb5-t6y4-w3eb |
|
| 13 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 14 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 17 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 18 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 19 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 20 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.6.0-BETA1 |
| purl |
pkg:composer/symfony/symfony@2.6.0-BETA1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-f39p-q1k7-kfgt |
|
| 10 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 13 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 16 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 17 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 18 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@2.6.6 |
| purl |
pkg:composer/symfony/symfony@2.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 10 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 11 |
| vulnerability |
VCID-mtb5-t6y4-w3eb |
|
| 12 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 13 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 16 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 17 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 18 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6 |
|
|
| aliases |
CVE-2015-2309, GHSA-p684-f7fh-jv2j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5pmg-t1rb-wbd4 |
|
| 5 |
|
| 6 |
| url |
VCID-bhnt-pgq7-yya3 |
| vulnerability_id |
VCID-bhnt-pgq7-yya3 |
| summary |
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3 |
|
| 7 |
|
| 8 |
| url |
VCID-ef86-hqv4-6kaz |
| vulnerability_id |
VCID-ef86-hqv4-6kaz |
| summary |
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 20 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 13 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 14 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 15 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 16 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 19 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 20 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 21 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 22 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 23 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 24 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 25 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 26 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11406, GHSA-g4g7-q726-v5hg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz |
|
| 9 |
| url |
VCID-f2w1-nvm5-rub3 |
| vulnerability_id |
VCID-f2w1-nvm5-rub3 |
| summary |
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.
This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f2w1-nvm5-rub3 |
|
| 10 |
| url |
VCID-f39p-q1k7-kfgt |
| vulnerability_id |
VCID-f39p-q1k7-kfgt |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_allow list] parameters to system/preferences. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.6.4 |
| purl |
pkg:composer/symfony/symfony@2.6.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-5pmg-t1rb-wbd4 |
|
| 5 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 6 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 7 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 8 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 9 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 10 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mtb5-t6y4-w3eb |
|
| 13 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 14 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 17 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 18 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 19 |
| vulnerability |
VCID-wdz4-hfer-1ud1 |
|
| 20 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 21 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 22 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.4 |
|
|
| aliases |
CVE-2015-8766, GHSA-4c5w-qqfg-grf3
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f39p-q1k7-kfgt |
|
| 11 |
| url |
VCID-gjuz-mjah-e3bj |
| vulnerability_id |
VCID-gjuz-mjah-e3bj |
| summary |
Information Exposure Through Timing Discrepancy
Symfony allows remote attackers to have unspecified impact via a timing attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.6.12 |
| purl |
pkg:composer/symfony/symfony@2.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 10 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 11 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 12 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 13 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 14 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 15 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 16 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 17 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.7.7 |
| purl |
pkg:composer/symfony/symfony@2.7.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 14 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 15 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 20 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 21 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 22 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 23 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 24 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 25 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 26 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7 |
|
|
| aliases |
CVE-2015-8125, GHSA-g97c-jfx6-xvxh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gjuz-mjah-e3bj |
|
| 12 |
| url |
VCID-jqh6-rwsw-73bs |
| vulnerability_id |
VCID-jqh6-rwsw-73bs |
| summary |
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The UriSigner was subject to timing attacks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs |
|
| 13 |
| url |
VCID-mtb5-t6y4-w3eb |
| vulnerability_id |
VCID-mtb5-t6y4-w3eb |
| summary |
Improper Access Control
FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.5.12 |
| purl |
pkg:composer/symfony/symfony@2.5.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-f39p-q1k7-kfgt |
|
| 10 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 13 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 16 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 17 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 18 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.6.8 |
| purl |
pkg:composer/symfony/symfony@2.6.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 10 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 11 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 12 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 13 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 14 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 15 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 16 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 17 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.8 |
|
|
| aliases |
CVE-2015-4050, GHSA-qmqw-mpqp-mr54
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mtb5-t6y4-w3eb |
|
| 14 |
| url |
VCID-nsuz-7sdv-abef |
| vulnerability_id |
VCID-nsuz-7sdv-abef |
| summary |
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 20 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 13 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 14 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 15 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 16 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 19 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 20 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 21 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 22 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 23 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 24 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 25 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 26 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11386, GHSA-r2rq-3h56-fqm4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef |
|
| 15 |
| url |
VCID-pj86-ync3-gyan |
| vulnerability_id |
VCID-pj86-ync3-gyan |
| summary |
Symfony has an incorrect response from Validator when input ends with `\n`
It is possible to trick a `Validator` configured with a regular expression that uses the `$` metacharacter by supplying an input ending with `\n`. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://symfony.com/cve-2024-50343 |
| reference_id |
CVE-2024-50343 |
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50343 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pj86-ync3-gyan |
|
| 16 |
| url |
VCID-qqd1-smb1-sbe8 |
| vulnerability_id |
VCID-qqd1-smb1-sbe8 |
| summary |
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.49 |
| purl |
pkg:composer/symfony/symfony@2.7.49 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 5 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 6 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 7 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 8 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 17 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.44 |
| purl |
pkg:composer/symfony/symfony@2.8.44 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 5 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 6 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 7 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 8 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 16 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 17 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 18 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 5 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 6 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 7 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 8 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 9 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 10 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 11 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 12 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 13 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 14 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 15 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 16 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 17 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 18 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 18 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 19 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 5 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-kktw-gsen-jyd8 |
|
| 15 |
| vulnerability |
VCID-m9e2-rg83-d7eb |
|
| 16 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 17 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8 |
|
| 17 |
| url |
VCID-ty9b-xe8v-r7ag |
| vulnerability_id |
VCID-ty9b-xe8v-r7ag |
| summary |
Session Fixation
Session fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.6.12 |
| purl |
pkg:composer/symfony/symfony@2.6.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 10 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 11 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 12 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 13 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 14 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 15 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 16 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 17 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.7.7 |
| purl |
pkg:composer/symfony/symfony@2.7.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 14 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 15 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 20 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 21 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 22 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 23 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 24 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 25 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 26 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7 |
|
|
| aliases |
CVE-2015-8124, GHSA-j5jh-hpr4-h332
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ty9b-xe8v-r7ag |
|
| 18 |
| url |
VCID-uk5a-g7em-gygd |
| vulnerability_id |
VCID-uk5a-g7em-gygd |
| summary |
Cryptographic Issues
The `nextBytes` function in the `SecureRandom` class in Symfony does not properly generate random numbers when used with PHP without the `paragonie/random_compat` library and the `openssl_random_pseudo_bytes` function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.6.13 |
| purl |
pkg:composer/symfony/symfony@2.6.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 10 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 11 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 12 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 13 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 14 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 15 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 16 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.13 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.7.9 |
| purl |
pkg:composer/symfony/symfony@2.7.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 14 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 15 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 22 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 23 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 24 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 25 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.9 |
|
|
| aliases |
CVE-2016-1902, GHSA-jjx5-fq5g-8xpc
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-g7em-gygd |
|
| 19 |
| url |
VCID-vyug-krcw-jyef |
| vulnerability_id |
VCID-vyug-krcw-jyef |
| summary |
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.48 |
| purl |
pkg:composer/symfony/symfony@2.7.48 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 20 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.41 |
| purl |
pkg:composer/symfony/symfony@2.8.41 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 13 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 14 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 15 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 16 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 19 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 20 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 21 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 22 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 23 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 24 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 25 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 26 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 12 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 13 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 14 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 15 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 16 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 17 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 18 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 19 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 4 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3kvp-hnpd-gbcq |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 17 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 18 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11385, GHSA-g4rg-rw65-8hfg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef |
|
| 20 |
| url |
VCID-wdz4-hfer-1ud1 |
| vulnerability_id |
VCID-wdz4-hfer-1ud1 |
| summary |
ESI Code Injection
Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.5.11 |
| purl |
pkg:composer/symfony/symfony@2.5.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-f39p-q1k7-kfgt |
|
| 10 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 11 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 12 |
| vulnerability |
VCID-mtb5-t6y4-w3eb |
|
| 13 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 14 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 15 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 16 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 17 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 18 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 19 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 20 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 21 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.6.6 |
| purl |
pkg:composer/symfony/symfony@2.6.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 2 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 3 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 4 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 5 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 6 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 7 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 8 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 9 |
| vulnerability |
VCID-gjuz-mjah-e3bj |
|
| 10 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 11 |
| vulnerability |
VCID-mtb5-t6y4-w3eb |
|
| 12 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 13 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 14 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 15 |
| vulnerability |
VCID-ty9b-xe8v-r7ag |
|
| 16 |
| vulnerability |
VCID-uk5a-g7em-gygd |
|
| 17 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 18 |
| vulnerability |
VCID-x4nv-gvag-7qf2 |
|
| 19 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 20 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6 |
|
|
| aliases |
CVE-2015-2308, GHSA-5c58-w9xc-qcj9
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wdz4-hfer-1ud1 |
|
| 21 |
| url |
VCID-x4nv-gvag-7qf2 |
| vulnerability_id |
VCID-x4nv-gvag-7qf2 |
| summary |
CVE-2016-4423: Large username storage in session
The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@2.7.13 |
| purl |
pkg:composer/symfony/symfony@2.7.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-dsbx-q641-4fc7 |
|
| 14 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 15 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 20 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 21 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 22 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 23 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 24 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@2.8.6 |
| purl |
pkg:composer/symfony/symfony@2.8.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-1y96-v19f-tkgg |
|
| 2 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 3 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 4 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 5 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 6 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 7 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 8 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 9 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 10 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 11 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 12 |
| vulnerability |
VCID-djnm-e9r4-c3f5 |
|
| 13 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 14 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 15 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 16 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 17 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 18 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 19 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 20 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 21 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 22 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 23 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 24 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 25 |
| vulnerability |
VCID-xdtu-22ad-63aq |
|
| 26 |
| vulnerability |
VCID-xj13-fspe-hfgv |
|
| 27 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 28 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 29 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@3.0.6 |
| purl |
pkg:composer/symfony/symfony@3.0.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-15tu-dfam-yqgh |
|
| 1 |
| vulnerability |
VCID-23hr-yznx-c3fb |
|
| 2 |
| vulnerability |
VCID-37et-21qw-skd7 |
|
| 3 |
| vulnerability |
VCID-3qct-gbgt-kkbb |
|
| 4 |
| vulnerability |
VCID-4f9e-eg67-cqbr |
|
| 5 |
| vulnerability |
VCID-6c6t-kmb3-2qcm |
|
| 6 |
| vulnerability |
VCID-7m45-bvbn-4qd3 |
|
| 7 |
| vulnerability |
VCID-91hk-tdtv-x7fp |
|
| 8 |
| vulnerability |
VCID-awma-bc9f-kfe2 |
|
| 9 |
| vulnerability |
VCID-bhnt-pgq7-yya3 |
|
| 10 |
| vulnerability |
VCID-c3qr-9rv2-yqh9 |
|
| 11 |
| vulnerability |
VCID-ef86-hqv4-6kaz |
|
| 12 |
| vulnerability |
VCID-f2w1-nvm5-rub3 |
|
| 13 |
| vulnerability |
VCID-frbz-vpfe-vbh9 |
|
| 14 |
| vulnerability |
VCID-jqh6-rwsw-73bs |
|
| 15 |
| vulnerability |
VCID-mew1-9shg-mugs |
|
| 16 |
| vulnerability |
VCID-nsuz-7sdv-abef |
|
| 17 |
| vulnerability |
VCID-p6f7-utd6-eqej |
|
| 18 |
| vulnerability |
VCID-pj86-ync3-gyan |
|
| 19 |
| vulnerability |
VCID-qqd1-smb1-sbe8 |
|
| 20 |
| vulnerability |
VCID-tx26-92jc-rkff |
|
| 21 |
| vulnerability |
VCID-uuk9-e5qy-rfgf |
|
| 22 |
| vulnerability |
VCID-vyug-krcw-jyef |
|
| 23 |
| vulnerability |
VCID-yetr-unnz-gbhn |
|
| 24 |
| vulnerability |
VCID-zeut-9wfp-q7et |
|
| 25 |
| vulnerability |
VCID-zgxf-qxwu-pqf9 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6 |
|
|
| aliases |
CVE-2016-4423, GHSA-whgv-8cg3-7hcm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x4nv-gvag-7qf2 |
|
| 22 |
| url |
VCID-yetr-unnz-gbhn |
| vulnerability_id |
VCID-yetr-unnz-gbhn |
| summary |
Symfony vulnerable to command execution hijack on Windows with Process class
On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://symfony.com/cve-2024-51736 |
| reference_id |
CVE-2024-51736 |
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51736 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51736, GHSA-qq5c-677p-737q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yetr-unnz-gbhn |
|
| 23 |
| url |
VCID-zgxf-qxwu-pqf9 |
| vulnerability_id |
VCID-zgxf-qxwu-pqf9 |
| summary |
Symfony vulnerable to open redirect via browser-sanitized URLs
The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://url.spec.whatwg.org |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/ |
|
|
| url |
https://url.spec.whatwg.org |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50345 |
| reference_id |
CVE-2024-50345 |
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50345 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9 |
|