Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/20802?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/20802?format=api", "purl": "pkg:composer/symfony/http-foundation@2.1.12", "type": "composer", "namespace": "symfony", "name": "http-foundation", "version": "2.1.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.4.50", "latest_non_vulnerable_version": "7.3.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124318?format=api", "vulnerability_id": "VCID-532e-g8g2-m3am", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01086", "scoring_system": "epss", "scoring_elements": "0.78314", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11386" }, { "reference_url": "https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler" }, { "reference_url": "https://symfony.com/cve-2018-11386", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11386" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386367?format=api", "purl": "pkg:composer/symfony/http-foundation@2.7.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/386368?format=api", "purl": "pkg:composer/symfony/http-foundation@2.8.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/386369?format=api", "purl": "pkg:composer/symfony/http-foundation@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/386370?format=api", "purl": "pkg:composer/symfony/http-foundation@3.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/386371?format=api", "purl": "pkg:composer/symfony/http-foundation@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11" } ], "aliases": [ "CVE-2018-11386", "GHSA-r2rq-3h56-fqm4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-532e-g8g2-m3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56765?format=api", "vulnerability_id": "VCID-6aj5-vhfg-qkgk", "summary": "symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60737", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345" }, { "reference_url": "https://symfony.com/cve-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50345" }, { "reference_url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://url.spec.whatwg.org", "reference_id": "url.spec.whatwg.org", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://url.spec.whatwg.org" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372840?format=api", "purl": "pkg:composer/symfony/http-foundation@5.4.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/372841?format=api", "purl": "pkg:composer/symfony/http-foundation@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/372842?format=api", "purl": "pkg:composer/symfony/http-foundation@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/757264?format=api", "purl": "pkg:composer/symfony/http-foundation@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.2.0-BETA1" } ], "aliases": [ "CVE-2024-50345", "GHSA-mrqx-rp3w-jpjp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211992?format=api", "vulnerability_id": "VCID-b6m1-dn1m-h3ge", "summary": "Symfony vulnerable to denial of service via a malicious HTTP Host header", "references": [ { "reference_url": "https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8" }, { "reference_url": "https://github.com/symfony/symfony/pull/11828", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/11828" }, { "reference_url": "https://symfony.com/cve-2014-5244", "reference_id": "CVE-2014-5244", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2014-5244" }, { "reference_url": "https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header", "reference_id": "CVE-2014-5244-DENIAL-OF-SERVICE-WITH-A-MALICIOUS-HTTP-HOST-HEADER", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml", "reference_id": "CVE-2014-5244.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml", "reference_id": "CVE-2014-5244.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-v77v-x634-9m56", "reference_id": "GHSA-v77v-x634-9m56", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v77v-x634-9m56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31789?format=api", "purl": "pkg:composer/symfony/http-foundation@2.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/31791?format=api", "purl": "pkg:composer/symfony/http-foundation@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/402385?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31788?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31797?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11" } ], "aliases": [ "CVE-2014-5244", "GHSA-v77v-x634-9m56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6m1-dn1m-h3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175222?format=api", "vulnerability_id": "VCID-bhuc-44kp-3fgx", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16652", "scoring_system": "epss", "scoring_elements": "0.95079", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/21" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4441", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4441" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2018-005" }, { "reference_url": "http://www.securityfocus.com/bid/104943", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/104943" }, { "reference_url": "http://www.securitytracker.com/id/1041405", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041405" }, { "reference_url": "https://security.archlinux.org/AVG-744", "reference_id": "AVG-744", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-744" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14773", "reference_id": "CVE-2018-14773", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14773" }, { "reference_url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers", "reference_id": "CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml", "reference_id": "CVE-2018-14773.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml", "reference_id": "CVE-2018-14773.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8wgj-6wx8-h5hq", "reference_id": "GHSA-8wgj-6wx8-h5hq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wgj-6wx8-h5hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21024?format=api", "purl": "pkg:composer/symfony/http-foundation@2.7.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/21036?format=api", "purl": "pkg:composer/symfony/http-foundation@2.8.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/21025?format=api", "purl": "pkg:composer/symfony/http-foundation@3.3.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/21032?format=api", "purl": "pkg:composer/symfony/http-foundation@3.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/21028?format=api", "purl": "pkg:composer/symfony/http-foundation@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/21027?format=api", "purl": "pkg:composer/symfony/http-foundation@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-277x-pbyn-v7em" }, { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3" } ], "aliases": [ "CVE-2018-14773", "GHSA-8wgj-6wx8-h5hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177860?format=api", "vulnerability_id": "VCID-rp8k-1gkg-syfa", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.85117", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18888" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v4.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v4.3.8" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://symfony.com/blog/symfony-4-3-8-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/symfony-4-3-8-released" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18888", "reference_id": "CVE-2019-18888", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18888" }, { "reference_url": "https://symfony.com/cve-2019-18888", "reference_id": "CVE-2019-18888", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-18888" }, { "reference_url": "https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser", "reference_id": "CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml", "reference_id": "CVE-2019-18888.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml", "reference_id": "CVE-2019-18888.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml", "reference_id": "CVE-2019-18888.YAML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-xhh6-956q-4q69", "reference_id": "GHSA-xhh6-956q-4q69", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xhh6-956q-4q69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15846?format=api", "purl": "pkg:composer/symfony/http-foundation@2.8.52", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52" }, { "url": "http://public2.vulnerablecode.io/api/packages/15842?format=api", "purl": "pkg:composer/symfony/http-foundation@3.4.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/15844?format=api", "purl": "pkg:composer/symfony/http-foundation@4.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/15850?format=api", "purl": "pkg:composer/symfony/http-foundation@4.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48cj-cbs6-83d7" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8" } ], "aliases": [ "CVE-2019-18888", "GHSA-xhh6-956q-4q69" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp8k-1gkg-syfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211993?format=api", "vulnerability_id": "VCID-ybs8-7wz2-quc4", "summary": "Symfony has a security issue when parsing the Authorization header", "references": [ { "reference_url": "https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904" }, { "reference_url": "https://github.com/symfony/symfony/pull/11829", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/11829" }, { "reference_url": "https://symfony.com/cve-2014-6061", "reference_id": "CVE-2014-6061", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2014-6061" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml", "reference_id": "CVE-2014-6061.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml", "reference_id": "CVE-2014-6061.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7v2-2qwg-h829", "reference_id": "GHSA-h7v2-2qwg-h829", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7v2-2qwg-h829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31789?format=api", "purl": "pkg:composer/symfony/http-foundation@2.3.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/31791?format=api", "purl": "pkg:composer/symfony/http-foundation@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/402385?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/31788?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/31797?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11" } ], "aliases": [ "CVE-2014-6061", "GHSA-h7v2-2qwg-h829" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybs8-7wz2-quc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203857?format=api", "vulnerability_id": "VCID-yu7n-cv95-abc7", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309" }, { "reference_url": "https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84" }, { "reference_url": "https://github.com/symfony/symfony/pull/14166", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/14166" }, { "reference_url": "https://symfony.com/cve-2015-2309", "reference_id": "CVE-2015-2309", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2015-2309" }, { "reference_url": "http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class", "reference_id": "CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS", "reference_type": "", "scores": [], "url": "http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml", "reference_id": "CVE-2015-2309.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml", "reference_id": "CVE-2015-2309.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-p684-f7fh-jv2j", "reference_id": "GHSA-p684-f7fh-jv2j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p684-f7fh-jv2j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31796?format=api", "purl": "pkg:composer/symfony/http-foundation@2.3.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/402372?format=api", "purl": "pkg:composer/symfony/http-foundation@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-b6m1-dn1m-h3ge" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-ybs8-7wz2-quc4" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/31797?format=api", "purl": "pkg:composer/symfony/http-foundation@2.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/31795?format=api", "purl": "pkg:composer/symfony/http-foundation@2.6.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/403930?format=api", "purl": "pkg:composer/symfony/http-foundation@2.6.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8" } ], "aliases": [ "CVE-2015-2309", "GHSA-p684-f7fh-jv2j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu7n-cv95-abc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90445?format=api", "vulnerability_id": "VCID-zws9-ffpd-5ffw", "summary": "Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06307", "scoring_system": "epss", "scoring_elements": "0.91154", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac", "reference_id": "9962b91b12bb791322fa73836b350836b6db7cac", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500", "reference_id": "CVE-2025-64500", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500" }, { "reference_url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_id": "cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.yaml", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.yaml", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35129?format=api", "purl": "pkg:composer/symfony/http-foundation@5.4.50", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/35127?format=api", "purl": "pkg:composer/symfony/http-foundation@6.4.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/35131?format=api", "purl": "pkg:composer/symfony/http-foundation@7.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.3.7" } ], "aliases": [ "CVE-2025-64500", "GHSA-3rg7-wf37-54rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209285?format=api", "vulnerability_id": "VCID-a3d8-ejjy-uyhs", "summary": "Symfony Host Header Injection vulnerability in the HttpFoundation component", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00928", "scoring_system": "epss", "scoring_elements": "0.76528", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86365", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86365" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86366", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86366" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86367" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86368", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86368" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86369" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86370", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86370" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86371", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86371" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86372" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86373", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86373" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86374", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86374" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released" }, { "reference_url": "https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715" }, { "reference_url": "http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4752", "reference_id": "CVE-2013-4752", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4752" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml", "reference_id": "CVE-2013-4752.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml", "reference_id": "CVE-2013-4752.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-22pv-7v9j-hqxp", "reference_id": "GHSA-22pv-7v9j-hqxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-22pv-7v9j-hqxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20793?format=api", "purl": "pkg:composer/symfony/http-foundation@2.0.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-b6m1-dn1m-h3ge" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-ybs8-7wz2-quc4" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/20802?format=api", "purl": "pkg:composer/symfony/http-foundation@2.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-b6m1-dn1m-h3ge" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-ybs8-7wz2-quc4" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/20800?format=api", "purl": "pkg:composer/symfony/http-foundation@2.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-b6m1-dn1m-h3ge" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-ybs8-7wz2-quc4" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20798?format=api", "purl": "pkg:composer/symfony/http-foundation@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-532e-g8g2-m3am" }, { "vulnerability": "VCID-6aj5-vhfg-qkgk" }, { "vulnerability": "VCID-b6m1-dn1m-h3ge" }, { "vulnerability": "VCID-bhuc-44kp-3fgx" }, { "vulnerability": "VCID-rp8k-1gkg-syfa" }, { "vulnerability": "VCID-ybs8-7wz2-quc4" }, { "vulnerability": "VCID-yu7n-cv95-abc7" }, { "vulnerability": "VCID-zws9-ffpd-5ffw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.3" } ], "aliases": [ "CVE-2013-4752", "GHSA-22pv-7v9j-hqxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3d8-ejjy-uyhs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.12" }