| 0 |
| url |
VCID-2fjn-22pk-p7fx |
| vulnerability_id |
VCID-2fjn-22pk-p7fx |
| summary |
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. A recent change in the way the configuration is loaded dropped this default behavior; as a result, CSRF protection is not enabled in forms unless explicitly enabled, which makes the application vulnerable to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| url |
VCID-93v3-vzkx-xqba |
| vulnerability_id |
VCID-93v3-vzkx-xqba |
| summary |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored, which protects users from cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` header, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing an `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2021-41267, GHSA-q3j3-w37x-hq2q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-93v3-vzkx-xqba |
|
| 11 |
| url |
VCID-9mbr-qumx-8yhz |
| vulnerability_id |
VCID-9mbr-qumx-8yhz |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51736 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2024-51736, GHSA-qq5c-677p-737q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz |
|
| 12 |
|
| 13 |
| url |
VCID-ctsg-cxd2-c7ar |
| vulnerability_id |
VCID-ctsg-cxd2-c7ar |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-51996 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51996 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 6 |
|
|
| aliases |
CVE-2024-51996, GHSA-cg23-qf8f-62rr
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ctsg-cxd2-c7ar |
|
| 14 |
| url |
VCID-dmsr-jrsf-tqdu |
| vulnerability_id |
VCID-dmsr-jrsf-tqdu |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50342 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50342 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 6 |
|
|
| aliases |
CVE-2024-50342, GHSA-9c3x-r3wp-mgxm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsr-jrsf-tqdu |
|
| 15 |
| url |
VCID-dw66-36y1-g7hz |
| vulnerability_id |
VCID-dw66-36y1-g7hz |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50341 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50341 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 5 |
|
|
| aliases |
CVE-2024-50341, GHSA-jxgr-3v7q-3w9v
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dw66-36y1-g7hz |
|
| 16 |
|
| 17 |
| url |
VCID-hkcs-2mjk-ubhw |
| vulnerability_id |
VCID-hkcs-2mjk-ubhw |
| summary |
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.
This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkcs-2mjk-ubhw |
|
| 18 |
|
| 19 |
| url |
VCID-j49y-k2gh-sya6 |
| vulnerability_id |
VCID-j49y-k2gh-sya6 |
| summary |
Empty passwords validation issue
Validating a user password with a `UserPassword` constraint but with no `NotBlank` constraint passes without any error (the empty password would not be compared with the user password). Note that you should always be explicit and add a `NotBlank` constraint, but because this worked before without one, it is considered a backward compatibility break and a security issue. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2017-11365, GHSA-q87v-q8fw-gmj5
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j49y-k2gh-sya6 |
|
| 20 |
| url |
VCID-pnq6-u1q3-ebff |
| vulnerability_id |
VCID-pnq6-u1q3-ebff |
| summary |
Cross-site scripting
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now does not return any user-submitted input in its response. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://symfony.com/cve-2023-46735 |
| reference_id |
CVE-2023-46735 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2023-46735 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2023-46735, GHSA-72x2-5c85-6wmr
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pnq6-u1q3-ebff |
|
| 21 |
| url |
VCID-s5vg-85nk-tkfs |
| vulnerability_id |
VCID-s5vg-85nk-tkfs |
| summary |
Session Fixation
`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed, as long as they have had the chance to log in once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. That way, when the password changes, the cookie is no longer valid. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2021-41268, GHSA-qw36-p97w-vcqr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s5vg-85nk-tkfs |
|
| 22 |
| url |
VCID-v78k-j32n-vyac |
| vulnerability_id |
VCID-v78k-j32n-vyac |
| summary |
Symfony possible session fixation vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only when the logged-in user changes, which it determines by checking the user identifier. In some use cases, the user identifier does not change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 6 |
|
|
| aliases |
CVE-2023-46733, GHSA-m2wj-r6g3-fxfx
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v78k-j32n-vyac |
|
| 23 |
| url |
VCID-wtr6-xz9n-uqg3 |
| vulnerability_id |
VCID-wtr6-xz9n-uqg3 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50340 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50340 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 6 |
|
|
| aliases |
CVE-2024-50340, GHSA-x8vp-gf4q-mw5j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wtr6-xz9n-uqg3 |
|
| 24 |
|
| 25 |
|
| 26 |
| url |
VCID-ytp3-19j3-8qh8 |
| vulnerability_id |
VCID-ytp3-19j3-8qh8 |
| summary |
Uncontrolled Resource Consumption
The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| purl |
pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31pu-2pt7-2fh2 |
|
| 1 |
| vulnerability |
VCID-3rs1-f6qt-vqbn |
|
| 2 |
| vulnerability |
VCID-4e6m-3qj2-67ag |
|
| 3 |
| vulnerability |
VCID-4ufx-41vp-ducg |
|
| 4 |
| vulnerability |
VCID-5113-3b42-j3eh |
|
| 5 |
| vulnerability |
VCID-5qmw-a84t-dfge |
|
| 6 |
| vulnerability |
VCID-8akz-87u4-7uh9 |
|
| 7 |
| vulnerability |
VCID-8vur-b48u-pqeu |
|
| 8 |
| vulnerability |
VCID-9cfq-wdcw-13f8 |
|
| 9 |
| vulnerability |
VCID-brbn-9szp-2ubx |
|
| 10 |
| vulnerability |
VCID-btxp-ywr3-ukgj |
|
| 11 |
| vulnerability |
VCID-buyw-5tjv-myem |
|
| 12 |
| vulnerability |
VCID-cfca-cgne-4fev |
|
| 13 |
| vulnerability |
VCID-d7r9-9h57-5yen |
|
| 14 |
| vulnerability |
VCID-fh6h-dyx9-83h1 |
|
| 15 |
| vulnerability |
VCID-gd71-zeaf-zqbr |
|
| 16 |
| vulnerability |
VCID-kxff-fp12-qfcu |
|
| 17 |
| vulnerability |
VCID-mzxb-ryz7-xbev |
|
| 18 |
| vulnerability |
VCID-nsrm-u4km-qqa1 |
|
| 19 |
| vulnerability |
VCID-qscu-huud-4fbz |
|
| 20 |
| vulnerability |
VCID-styq-7bbp-pbf6 |
|
| 21 |
| vulnerability |
VCID-usft-rqta-eyhg |
|
| 22 |
| vulnerability |
VCID-wv5b-2644-w3gf |
|
| 23 |
| vulnerability |
VCID-ya1e-7bph-pqgp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie |
|
| 4 |
|
|
| aliases |
CVE-2013-5958, GHSA-cr49-fx2v-9p57
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytp3-19j3-8qh8 |
|
| 27 |
|