Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/http-foundation@2.4.0-alpha
Typecomposer
Namespacesymfony
Namehttp-foundation
Version2.4.0-alpha
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.50
Latest_non_vulnerable_version7.3.7
Affected_by_vulnerabilities
0
url VCID-wwhm-mrr3-v7h3
vulnerability_id VCID-wwhm-mrr3-v7h3
summary 
Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
3
reference_url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
4
reference_url https://github.com/symfony/symfony/pull/14166
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/14166
5
reference_url https://symfony.com/cve-2015-2309
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2015-2309
6
reference_url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
7
reference_url https://github.com/advisories/GHSA-p684-f7fh-jv2j
reference_id GHSA-p684-f7fh-jv2j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p684-f7fh-jv2j
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.5.11
purl pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11
1
url pkg:composer/symfony/http-foundation@2.6.6
purl pkg:composer/symfony/http-foundation@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6
2
url pkg:composer/symfony/http-foundation@2.6.8
purl pkg:composer/symfony/http-foundation@2.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hua-7wbd-tqbx
1
vulnerability VCID-9bzz-84cq-ykh2
2
vulnerability VCID-bhfu-7788-fbhc
3
vulnerability VCID-jdsd-3vnz-uygn
4
vulnerability VCID-p1dw-w76f-gbfv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8
aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.0-alpha