Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/248937?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/248937?format=api", "purl": "pkg:composer/symfony/http-kernel@5.2.4", "type": "composer", "namespace": "symfony", "name": "http-kernel", "version": "5.2.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.4.20", "latest_non_vulnerable_version": "6.2.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47309?format=api", "vulnerability_id": "VCID-e71e-d4tr-wqgz", "summary": "Prevent user enumeration using Guard or the new Authenticator-based Security\nDescription\n-----------\n\nThe ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.\n\nResolution\n----------\n\nWe now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.\n\nCredits\n-------\n\nI would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50112", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50081", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50017", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50088", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50033", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50083", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424" }, { "reference_url": "https://symfony.com/cve-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-21424" }, { "reference_url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "GHSA-5pv8-ppvj-4h68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://usn.ubuntu.com/USN-5290-1/", "reference_id": "USN-USN-5290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/248941?format=api", "purl": "pkg:composer/symfony/http-kernel@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n3d2-zwve-gbf5" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.2.8" } ], "aliases": [ "CVE-2021-21424", "GHSA-5pv8-ppvj-4h68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e71e-d4tr-wqgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11632?format=api", "vulnerability_id": "VCID-n3d2-zwve-gbf5", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\n`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64202", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64195", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64193", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64139", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64126", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41267" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487" }, { "reference_url": "https://github.com/symfony/symfony/pull/44243", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/44243" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v5.3.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12" }, { "reference_url": "https://symfony.com/cve-2021-41267", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-41267" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41267", "reference_id": "CVE-2021-41267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41267" }, { "reference_url": "https://github.com/advisories/GHSA-q3j3-w37x-hq2q", "reference_id": "GHSA-q3j3-w37x-hq2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3j3-w37x-hq2q" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q", "reference_id": "GHSA-q3j3-w37x-hq2q", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41927?format=api", "purl": "pkg:composer/symfony/http-kernel@5.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rgh3-ef8t-k3ec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/271374?format=api", "purl": "pkg:composer/symfony/http-kernel@5.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rgh3-ef8t-k3ec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.4.0-BETA1" } ], "aliases": [ "CVE-2021-41267", "GHSA-q3j3-w37x-hq2q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3d2-zwve-gbf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16304?format=api", "vulnerability_id": "VCID-rgh3-ef8t-k3ec", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40689", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40634", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40653", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40688", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4061", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40661", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894" }, { "reference_url": "https://symfony.com/cve-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24894" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55683?format=api", "purl": "pkg:composer/symfony/http-kernel@5.4.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/354895?format=api", "purl": "pkg:composer/symfony/http-kernel@6.0.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55684?format=api", "purl": "pkg:composer/symfony/http-kernel@6.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/354915?format=api", "purl": "pkg:composer/symfony/http-kernel@6.1.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55685?format=api", "purl": "pkg:composer/symfony/http-kernel@6.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/354927?format=api", "purl": "pkg:composer/symfony/http-kernel@6.2.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55686?format=api", "purl": "pkg:composer/symfony/http-kernel@6.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@6.2.6" } ], "aliases": [ "CVE-2022-24894", "GHSA-h7vf-5wrv-9fhv", "GMS-2023-209", "GMS-2023-212" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgh3-ef8t-k3ec" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@5.2.4" }