Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@3.1.7
Typecomposer
Namespacesymfony
Namesymfony
Version3.1.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.4.48
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-23hr-yznx-c3fb
vulnerability_id VCID-23hr-yznx-c3fb
summary 
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50897
published_at 2026-06-05T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50835
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
15
reference_url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
16
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
17
reference_url https://symfony.com/cve-2019-10911
reference_id CVE-2019-10911
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10911
18
reference_url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
reference_id GHSA-cchx-mfrc-fwqr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
1
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-kktw-gsen-jyd8
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
2
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-3kvp-hnpd-gbcq
2
vulnerability VCID-9m8x-djng-8ye3
3
vulnerability VCID-jqh6-rwsw-73bs
4
vulnerability VCID-kktw-gsen-jyd8
5
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb
1
url VCID-37et-21qw-skd7
vulnerability_id VCID-37et-21qw-skd7
summary 
Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.85061
published_at 2026-06-04T12:55:00Z
1
value 0.0231
scoring_system epss
scoring_elements 0.85085
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
6
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
20
reference_url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
21
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
22
reference_url https://symfony.com/cve-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18888
23
reference_url https://github.com/advisories/GHSA-xhh6-956q-4q69
reference_id GHSA-xhh6-956q-4q69
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhh6-956q-4q69
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.35
purl pkg:composer/symfony/symfony@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35
1
url pkg:composer/symfony/symfony@4.2.12
purl pkg:composer/symfony/symfony@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kktw-gsen-jyd8
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12
2
url pkg:composer/symfony/symfony@4.3.8
purl pkg:composer/symfony/symfony@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8
aliases CVE-2019-18888, GHSA-xhh6-956q-4q69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7
2
url VCID-3kvp-hnpd-gbcq
vulnerability_id VCID-3kvp-hnpd-gbcq
summary 
Injection Vulnerability
An issue was discovered in Symfony. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18889
reference_id
reference_type
scores
0
value 0.05134
scoring_system epss
scoring_elements 0.90032
published_at 2026-06-04T12:55:00Z
1
value 0.05134
scoring_system epss
scoring_elements 0.90047
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18889
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml
4
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18889
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18889
10
reference_url https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances
11
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
12
reference_url https://symfony.com/cve-2019-18889
reference_id CVE-2019-18889
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18889
13
reference_url https://github.com/advisories/GHSA-79gr-58r3-pwm3
reference_id GHSA-79gr-58r3-pwm3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-79gr-58r3-pwm3
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.0
purl pkg:composer/symfony/symfony@3.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-ef86-hqv4-6kaz
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-nsuz-7sdv-abef
11
vulnerability VCID-p6f7-utd6-eqej
12
vulnerability VCID-qqd1-smb1-sbe8
13
vulnerability VCID-tx26-92jc-rkff
14
vulnerability VCID-uuk9-e5qy-rfgf
15
vulnerability VCID-vyug-krcw-jyef
16
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0
1
url pkg:composer/symfony/symfony@3.4.35
purl pkg:composer/symfony/symfony@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35
2
url pkg:composer/symfony/symfony@4.2.12
purl pkg:composer/symfony/symfony@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kktw-gsen-jyd8
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12
3
url pkg:composer/symfony/symfony@4.3.8
purl pkg:composer/symfony/symfony@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8
aliases CVE-2019-18889, GHSA-79gr-58r3-pwm3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kvp-hnpd-gbcq
3
url VCID-3qct-gbgt-kkbb
vulnerability_id VCID-3qct-gbgt-kkbb
summary 
Cross-site Scripting
The debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18343
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66533
published_at 2026-06-04T12:55:00Z
1
value 0.00504
scoring_system epss
scoring_elements 0.66573
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18343
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18343
reference_id CVE-2017-18343
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-18343
fixed_packages
0
url pkg:composer/symfony/symfony@3.2.13
purl pkg:composer/symfony/symfony@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-djnm-e9r4-c3f5
7
vulnerability VCID-dsbx-q641-4fc7
8
vulnerability VCID-ef86-hqv4-6kaz
9
vulnerability VCID-frbz-vpfe-vbh9
10
vulnerability VCID-jqh6-rwsw-73bs
11
vulnerability VCID-mew1-9shg-mugs
12
vulnerability VCID-nsuz-7sdv-abef
13
vulnerability VCID-p6f7-utd6-eqej
14
vulnerability VCID-qqd1-smb1-sbe8
15
vulnerability VCID-tx26-92jc-rkff
16
vulnerability VCID-uuk9-e5qy-rfgf
17
vulnerability VCID-vyug-krcw-jyef
18
vulnerability VCID-xdtu-22ad-63aq
19
vulnerability VCID-xj13-fspe-hfgv
20
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13
1
url pkg:composer/symfony/symfony@3.3.6
purl pkg:composer/symfony/symfony@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-djnm-e9r4-c3f5
8
vulnerability VCID-dsbx-q641-4fc7
9
vulnerability VCID-ef86-hqv4-6kaz
10
vulnerability VCID-frbz-vpfe-vbh9
11
vulnerability VCID-jqh6-rwsw-73bs
12
vulnerability VCID-mew1-9shg-mugs
13
vulnerability VCID-nsuz-7sdv-abef
14
vulnerability VCID-p6f7-utd6-eqej
15
vulnerability VCID-qqd1-smb1-sbe8
16
vulnerability VCID-tx26-92jc-rkff
17
vulnerability VCID-uuk9-e5qy-rfgf
18
vulnerability VCID-vyug-krcw-jyef
19
vulnerability VCID-xdtu-22ad-63aq
20
vulnerability VCID-xj13-fspe-hfgv
21
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6
aliases CVE-2017-18343
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qct-gbgt-kkbb
4
url VCID-6c6t-kmb3-2qcm
vulnerability_id VCID-6c6t-kmb3-2qcm
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58063
published_at 2026-06-04T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.58114
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
13
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
14
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
15
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
17
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
18
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
19
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
1
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-kktw-gsen-jyd8
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
2
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-3kvp-hnpd-gbcq
2
vulnerability VCID-9m8x-djng-8ye3
3
vulnerability VCID-jqh6-rwsw-73bs
4
vulnerability VCID-kktw-gsen-jyd8
5
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm
5
url VCID-7m45-bvbn-4qd3
vulnerability_id VCID-7m45-bvbn-4qd3
summary 
SQL Injection
In Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.4935
published_at 2026-06-05T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49289
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
11
reference_url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
13
reference_url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
14
reference_url https://symfony.com/cve-2019-10913
reference_id CVE-2019-10913
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10913
15
reference_url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
reference_id GHSA-x92h-wmg2-6hp7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
1
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-kktw-gsen-jyd8
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
2
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-3kvp-hnpd-gbcq
2
vulnerability VCID-9m8x-djng-8ye3
3
vulnerability VCID-jqh6-rwsw-73bs
4
vulnerability VCID-kktw-gsen-jyd8
5
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10913, GHSA-x92h-wmg2-6hp7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3
6
url VCID-awma-bc9f-kfe2
vulnerability_id VCID-awma-bc9f-kfe2
summary 
Symfony Service IDs Allow Injection
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10910
reference_id
reference_type
scores
0
value 0.11901
scoring_system epss
scoring_elements 0.93887
published_at 2026-06-05T12:55:00Z
1
value 0.11901
scoring_system epss
scoring_elements 0.93877
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10910
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
10
reference_url https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
11
reference_url https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
12
reference_url https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
13
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10910
reference_id CVE-2019-10910
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10910
15
reference_url https://symfony.com/cve-2019-10910
reference_id CVE-2019-10910
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10910
16
reference_url https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
reference_id CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
17
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
18
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
20
reference_url https://github.com/advisories/GHSA-pgwj-prpq-jpc2
reference_id GHSA-pgwj-prpq-jpc2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgwj-prpq-jpc2
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
1
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-kktw-gsen-jyd8
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
2
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-3kvp-hnpd-gbcq
2
vulnerability VCID-9m8x-djng-8ye3
3
vulnerability VCID-jqh6-rwsw-73bs
4
vulnerability VCID-kktw-gsen-jyd8
5
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10910, GHSA-pgwj-prpq-jpc2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awma-bc9f-kfe2
7
url VCID-ef86-hqv4-6kaz
vulnerability_id VCID-ef86-hqv4-6kaz
summary 
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.39996
published_at 2026-06-05T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.39914
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
19
reference_url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
20
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
21
reference_url https://symfony.com/cve-2018-11406
reference_id CVE-2018-11406
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11406
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-uuk9-e5qy-rfgf
16
vulnerability VCID-vyug-krcw-jyef
17
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
1
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-qqd1-smb1-sbe8
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
2
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-p6f7-utd6-eqej
11
vulnerability VCID-qqd1-smb1-sbe8
12
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11406, GHSA-g4g7-q726-v5hg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz
8
url VCID-frbz-vpfe-vbh9
vulnerability_id VCID-frbz-vpfe-vbh9
summary 
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
reference_id
reference_type
scores
0
value 0.00869
scoring_system epss
scoring_elements 0.75566
published_at 2026-06-05T12:55:00Z
1
value 0.00869
scoring_system epss
scoring_elements 0.75538
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c
13
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19789
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19789
18
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
19
reference_url https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
20
reference_url https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249
21
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
22
reference_url https://symfony.com/cve-2018-19789
reference_id CVE-2018-19789
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-19789
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.20
purl pkg:composer/symfony/symfony@3.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-6c6t-kmb3-2qcm
3
vulnerability VCID-7m45-bvbn-4qd3
4
vulnerability VCID-awma-bc9f-kfe2
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-p6f7-utd6-eqej
7
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20
1
url pkg:composer/symfony/symfony@4.0.15
purl pkg:composer/symfony/symfony@4.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-jqh6-rwsw-73bs
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15
2
url pkg:composer/symfony/symfony@4.1.9
purl pkg:composer/symfony/symfony@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-jqh6-rwsw-73bs
7
vulnerability VCID-kktw-gsen-jyd8
8
vulnerability VCID-p6f7-utd6-eqej
9
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9
3
url pkg:composer/symfony/symfony@4.2.1
purl pkg:composer/symfony/symfony@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-9m8x-djng-8ye3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-kktw-gsen-jyd8
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1
aliases CVE-2018-19789, GHSA-x3cf-w64x-4cp2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9
9
url VCID-jqh6-rwsw-73bs
vulnerability_id VCID-jqh6-rwsw-73bs
summary 
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The UriSigner was subjectto timing attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74617
published_at 2026-06-04T12:55:00Z
1
value 0.00813
scoring_system epss
scoring_elements 0.74649
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
5
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
19
reference_url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
20
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
21
reference_url https://symfony.com/cve-2019-18887
reference_id CVE-2019-18887
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18887
22
reference_url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
reference_id GHSA-q8hg-pf8v-cxrv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.35
purl pkg:composer/symfony/symfony@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35
1
url pkg:composer/symfony/symfony@4.2.12
purl pkg:composer/symfony/symfony@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kktw-gsen-jyd8
1
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12
2
url pkg:composer/symfony/symfony@4.3.8
purl pkg:composer/symfony/symfony@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8
aliases CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs
10
url VCID-mew1-9shg-mugs
vulnerability_id VCID-mew1-9shg-mugs
summary 
URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19790
reference_id
reference_type
scores
0
value 0.00447
scoring_system epss
scoring_elements 0.63875
published_at 2026-06-05T12:55:00Z
1
value 0.00447
scoring_system epss
scoring_elements 0.63833
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19790
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b
14
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19790
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19790
22
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
23
reference_url https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
24
reference_url https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249
25
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
26
reference_url http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106249
27
reference_url https://symfony.com/cve-2018-19790
reference_id CVE-2018-19790
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-19790
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.20
purl pkg:composer/symfony/symfony@3.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-6c6t-kmb3-2qcm
3
vulnerability VCID-7m45-bvbn-4qd3
4
vulnerability VCID-awma-bc9f-kfe2
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-p6f7-utd6-eqej
7
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20
1
url pkg:composer/symfony/symfony@4.0.15
purl pkg:composer/symfony/symfony@4.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-jqh6-rwsw-73bs
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15
2
url pkg:composer/symfony/symfony@4.1.9
purl pkg:composer/symfony/symfony@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-jqh6-rwsw-73bs
7
vulnerability VCID-kktw-gsen-jyd8
8
vulnerability VCID-p6f7-utd6-eqej
9
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9
3
url pkg:composer/symfony/symfony@4.2.1
purl pkg:composer/symfony/symfony@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-9m8x-djng-8ye3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-kktw-gsen-jyd8
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1
aliases CVE-2018-19790, GHSA-89r2-5g34-2g47
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs
11
url VCID-nsuz-7sdv-abef
vulnerability_id VCID-nsuz-7sdv-abef
summary 
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.7827
published_at 2026-06-05T12:55:00Z
1
value 0.01086
scoring_system epss
scoring_elements 0.78244
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
16
reference_url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11386
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-uuk9-e5qy-rfgf
16
vulnerability VCID-vyug-krcw-jyef
17
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
1
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-qqd1-smb1-sbe8
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
2
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-p6f7-utd6-eqej
11
vulnerability VCID-qqd1-smb1-sbe8
12
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef
12
url VCID-p6f7-utd6-eqej
vulnerability_id VCID-p6f7-utd6-eqej
summary 
Information Exposure
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56852
published_at 2026-06-05T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56801
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
8
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
9
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
19
reference_url https://symfony.com/cve-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-21424
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
reference_id CVE-2021-21424
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
21
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
reference_id GHSA-5pv8-ppvj-4h68
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
22
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.48
purl pkg:composer/symfony/symfony@3.4.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.48
1
url pkg:composer/symfony/symfony@3.4.49
purl pkg:composer/symfony/symfony@3.4.49
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.49
2
url pkg:composer/symfony/symfony@4.4.23
purl pkg:composer/symfony/symfony@4.4.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.23
3
url pkg:composer/symfony/symfony@4.4.24
purl pkg:composer/symfony/symfony@4.4.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.24
4
url pkg:composer/symfony/symfony@5.2.8
purl pkg:composer/symfony/symfony@5.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8
5
url pkg:composer/symfony/symfony@5.2.9
purl pkg:composer/symfony/symfony@5.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.9
aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej
13
url VCID-qqd1-smb1-sbe8
vulnerability_id VCID-qqd1-smb1-sbe8
summary 
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.95057
published_at 2026-06-05T12:55:00Z
1
value 0.16652
scoring_system epss
scoring_elements 0.95049
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
11
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
12
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
14
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
15
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
16
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
17
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
18
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
19
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
20
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
21
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.18
purl pkg:composer/symfony/symfony@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-qqd1-smb1-sbe8
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18
1
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-6c6t-kmb3-2qcm
3
vulnerability VCID-7m45-bvbn-4qd3
4
vulnerability VCID-awma-bc9f-kfe2
5
vulnerability VCID-frbz-vpfe-vbh9
6
vulnerability VCID-jqh6-rwsw-73bs
7
vulnerability VCID-mew1-9shg-mugs
8
vulnerability VCID-p6f7-utd6-eqej
9
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
2
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
3
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-kktw-gsen-jyd8
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-p6f7-utd6-eqej
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8
14
url VCID-tx26-92jc-rkff
vulnerability_id VCID-tx26-92jc-rkff
summary 
URL Redirection to Untrusted Site (Open Redirect)
The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11408
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54265
published_at 2026-06-05T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.54208
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11408
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
6
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11408
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11408
11
reference_url https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
12
reference_url https://symfony.com/cve-2018-11408
reference_id CVE-2018-11408
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11408
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-uuk9-e5qy-rfgf
16
vulnerability VCID-vyug-krcw-jyef
17
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
1
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-qqd1-smb1-sbe8
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
2
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-p6f7-utd6-eqej
11
vulnerability VCID-qqd1-smb1-sbe8
12
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11408, GHSA-7hwc-2cq4-6x2w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tx26-92jc-rkff
15
url VCID-uuk9-e5qy-rfgf
vulnerability_id VCID-uuk9-e5qy-rfgf
summary 
Improper Authentication
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33996
published_at 2026-06-05T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.33894
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
5
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
6
reference_url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
7
reference_url https://github.com/symfony/symfony/pull/27377
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/27377
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
9
reference_url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
10
reference_url https://symfony.com/cve-2018-11407
reference_id CVE-2018-11407
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11407
11
reference_url https://usn.ubuntu.com/USN-4836-1/
reference_id USN-USN-4836-1
reference_type
scores
url https://usn.ubuntu.com/USN-4836-1/
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-uuk9-e5qy-rfgf
16
vulnerability VCID-vyug-krcw-jyef
17
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
1
url pkg:composer/symfony/symfony@3.4.7
purl pkg:composer/symfony/symfony@3.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-ef86-hqv4-6kaz
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-nsuz-7sdv-abef
11
vulnerability VCID-p6f7-utd6-eqej
12
vulnerability VCID-qqd1-smb1-sbe8
13
vulnerability VCID-tx26-92jc-rkff
14
vulnerability VCID-vyug-krcw-jyef
15
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7
2
url pkg:composer/symfony/symfony@4.0.7
purl pkg:composer/symfony/symfony@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-vyug-krcw-jyef
16
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7
aliases CVE-2018-11407, GHSA-35c5-28pg-2qg4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuk9-e5qy-rfgf
16
url VCID-vyug-krcw-jyef
vulnerability_id VCID-vyug-krcw-jyef
summary 
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
reference_id
reference_type
scores
0
value 0.00904
scoring_system epss
scoring_elements 0.76092
published_at 2026-06-04T12:55:00Z
1
value 0.00904
scoring_system epss
scoring_elements 0.76117
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
14
reference_url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
15
reference_url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
16
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
21
reference_url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
22
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
23
reference_url https://symfony.com/cve-2018-11385
reference_id CVE-2018-11385
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11385
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-ef86-hqv4-6kaz
8
vulnerability VCID-frbz-vpfe-vbh9
9
vulnerability VCID-jqh6-rwsw-73bs
10
vulnerability VCID-mew1-9shg-mugs
11
vulnerability VCID-nsuz-7sdv-abef
12
vulnerability VCID-p6f7-utd6-eqej
13
vulnerability VCID-qqd1-smb1-sbe8
14
vulnerability VCID-tx26-92jc-rkff
15
vulnerability VCID-uuk9-e5qy-rfgf
16
vulnerability VCID-vyug-krcw-jyef
17
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
1
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-awma-bc9f-kfe2
6
vulnerability VCID-frbz-vpfe-vbh9
7
vulnerability VCID-jqh6-rwsw-73bs
8
vulnerability VCID-mew1-9shg-mugs
9
vulnerability VCID-p6f7-utd6-eqej
10
vulnerability VCID-qqd1-smb1-sbe8
11
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
2
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y96-v19f-tkgg
1
vulnerability VCID-23hr-yznx-c3fb
2
vulnerability VCID-37et-21qw-skd7
3
vulnerability VCID-3kvp-hnpd-gbcq
4
vulnerability VCID-6c6t-kmb3-2qcm
5
vulnerability VCID-7m45-bvbn-4qd3
6
vulnerability VCID-awma-bc9f-kfe2
7
vulnerability VCID-frbz-vpfe-vbh9
8
vulnerability VCID-jqh6-rwsw-73bs
9
vulnerability VCID-mew1-9shg-mugs
10
vulnerability VCID-p6f7-utd6-eqej
11
vulnerability VCID-qqd1-smb1-sbe8
12
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11385, GHSA-g4rg-rw65-8hfg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef
17
url VCID-zeut-9wfp-q7et
vulnerability_id VCID-zeut-9wfp-q7et
summary 
Deserialization of Untrusted Data
In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
reference_id
reference_type
scores
0
value 0.01116
scoring_system epss
scoring_elements 0.78566
published_at 2026-06-05T12:55:00Z
1
value 0.01116
scoring_system epss
scoring_elements 0.78539
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
37
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
38
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
39
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
42
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
43
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-016
44
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
45
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
46
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
47
reference_url https://symfony.com/cve-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10912
48
reference_url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
reference_id CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
49
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
50
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
51
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
52
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
53
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
54
reference_url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
reference_id GHSA-w2fr-65vp-mxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
fixed_packages
0
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-jqh6-rwsw-73bs
2
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
1
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23hr-yznx-c3fb
1
vulnerability VCID-37et-21qw-skd7
2
vulnerability VCID-3kvp-hnpd-gbcq
3
vulnerability VCID-6c6t-kmb3-2qcm
4
vulnerability VCID-7m45-bvbn-4qd3
5
vulnerability VCID-jqh6-rwsw-73bs
6
vulnerability VCID-kktw-gsen-jyd8
7
vulnerability VCID-p6f7-utd6-eqej
8
vulnerability VCID-zeut-9wfp-q7et
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
2
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-3kvp-hnpd-gbcq
2
vulnerability VCID-9m8x-djng-8ye3
3
vulnerability VCID-jqh6-rwsw-73bs
4
vulnerability VCID-kktw-gsen-jyd8
5
vulnerability VCID-p6f7-utd6-eqej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10912, GHSA-w2fr-65vp-mxw3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zeut-9wfp-q7et
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.1.7