Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/480620?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/480620?format=api", "purl": "pkg:composer/symfony/symfony@5.2.5", "type": "composer", "namespace": "symfony", "name": "symfony", "version": "5.2.5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.4.51", "latest_non_vulnerable_version": "8.0.12", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14844?format=api", "vulnerability_id": "VCID-2fjn-22pk-p7fx", "summary": "Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38505", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23601" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23601", "reference_id": "CVE-2022-23601", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23601" }, { "reference_url": "https://symfony.com/cve-2022-23601", "reference_id": "CVE-2022-23601", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-23601" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml", "reference_id": "CVE-2022-23601.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml", "reference_id": "CVE-2022-23601.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-vvmr-8829-6whx", "reference_id": "GHSA-vvmr-8829-6whx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvmr-8829-6whx" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx", "reference_id": "GHSA-vvmr-8829-6whx", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59309?format=api", "purl": "pkg:composer/symfony/symfony@5.3.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/59310?format=api", "purl": "pkg:composer/symfony/symfony@5.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/59311?format=api", "purl": "pkg:composer/symfony/symfony@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4" } ], "aliases": [ "CVE-2022-23601", "GHSA-vvmr-8829-6whx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14379?format=api", "vulnerability_id": "VCID-2m2u-gjzs-cbbk", "summary": "Improper Neutralization of Formula Elements in a CSV File\n`Symfony/Serializer` handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony is vulnerable to CSV injection, also known as formula injection. In Symfony, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\\t`. Since then, OWASP added 2 chars in that list, Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00871", "scoring_system": "epss", "scoring_elements": "0.75526", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8" }, { "reference_url": "https://github.com/symfony/symfony/pull/44243", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/44243" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v5.3.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41270", "reference_id": "CVE-2021-41270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41270" }, { "reference_url": "https://symfony.com/cve-2021-41270", "reference_id": "CVE-2021-41270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-41270" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml", "reference_id": "CVE-2021-41270.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml", "reference_id": "CVE-2021-41270.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2xhg-w2g5-w95x", "reference_id": "GHSA-2xhg-w2g5-w95x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xhg-w2g5-w95x" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x", "reference_id": "GHSA-2xhg-w2g5-w95x", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x" }, { "reference_url": "https://usn.ubuntu.com/USN-5290-1/", "reference_id": "USN-USN-5290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58621?format=api", "purl": "pkg:composer/symfony/symfony@5.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/502494?format=api", "purl": "pkg:composer/symfony/symfony@5.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1" } ], "aliases": [ "CVE-2021-41270", "GHSA-2xhg-w2g5-w95x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2m2u-gjzs-cbbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268522?format=api", "vulnerability_id": "VCID-6kq8-5k4z-27f2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60588", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345" }, { "reference_url": "https://symfony.com/cve-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50345" }, { "reference_url": "https://url.spec.whatwg.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://url.spec.whatwg.org" }, { "reference_url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187793?format=api", "purl": "pkg:composer/symfony/symfony@5.4.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187794?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187795?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-50345", "GHSA-mrqx-rp3w-jpjp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16774?format=api", "vulnerability_id": "VCID-7pwc-t6vf-eyax", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39605", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894" }, { "reference_url": "https://symfony.com/cve-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24894" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585196?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585208?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62601?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62602?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/62603?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/62604?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24894", "GHSA-h7vf-5wrv-9fhv", "GMS-2023-209", "GMS-2023-212" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pwc-t6vf-eyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/171006?format=api", "vulnerability_id": "VCID-8y4h-6hx7-v3h5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56786", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424" }, { "reference_url": "https://symfony.com/cve-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-21424" }, { "reference_url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "GHSA-5pv8-ppvj-4h68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://usn.ubuntu.com/USN-5290-1/", "reference_id": "USN-USN-5290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/209858?format=api", "purl": "pkg:composer/symfony/symfony@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-2m2u-gjzs-cbbk" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-93v3-vzkx-xqba" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/209450?format=api", "purl": "pkg:composer/symfony/symfony@5.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-2m2u-gjzs-cbbk" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-93v3-vzkx-xqba" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.9" } ], "aliases": [ "CVE-2021-21424", "GHSA-5pv8-ppvj-4h68" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8y4h-6hx7-v3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14378?format=api", "vulnerability_id": "VCID-93v3-vzkx-xqba", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\n`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64475", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41267" }, { "reference_url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487" }, { "reference_url": "https://github.com/symfony/symfony/pull/44243", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/44243" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v5.3.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v5.3.12" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41267", "reference_id": "CVE-2021-41267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41267" }, { "reference_url": "https://symfony.com/cve-2021-41267", "reference_id": "CVE-2021-41267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-41267" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml", "reference_id": "CVE-2021-41267.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml", "reference_id": "CVE-2021-41267.YAML", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q3j3-w37x-hq2q", "reference_id": "GHSA-q3j3-w37x-hq2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q3j3-w37x-hq2q" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q", "reference_id": "GHSA-q3j3-w37x-hq2q", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58621?format=api", "purl": "pkg:composer/symfony/symfony@5.3.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/502494?format=api", "purl": "pkg:composer/symfony/symfony@5.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1" } ], "aliases": [ "CVE-2021-41267", "GHSA-q3j3-w37x-hq2q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93v3-vzkx-xqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/269375?format=api", "vulnerability_id": "VCID-9mbr-qumx-8yhz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.74047", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736" }, { "reference_url": "https://symfony.com/cve-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-51736" }, { "reference_url": "https://github.com/advisories/GHSA-qq5c-677p-737q", "reference_id": "GHSA-qq5c-677p-737q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qq5c-677p-737q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187793?format=api", "purl": "pkg:composer/symfony/symfony@5.4.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187794?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187795?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-51736", "GHSA-qq5c-677p-737q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268519?format=api", "vulnerability_id": "VCID-dmsr-jrsf-tqdu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66345", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50342" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50342" }, { "reference_url": "https://symfony.com/cve-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50342" }, { "reference_url": "https://github.com/advisories/GHSA-9c3x-r3wp-mgxm", "reference_id": "GHSA-9c3x-r3wp-mgxm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9c3x-r3wp-mgxm" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187956?format=api", "purl": "pkg:composer/symfony/symfony@5.4.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.47" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187957?format=api", "purl": "pkg:composer/symfony/symfony@6.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187958?format=api", "purl": "pkg:composer/symfony/symfony@7.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.8" } ], "aliases": [ "CVE-2024-50342", "GHSA-9c3x-r3wp-mgxm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsr-jrsf-tqdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22279?format=api", "vulnerability_id": "VCID-hkcs-2mjk-ubhw", "summary": "Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01652", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24739" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3" }, { "reference_url": "https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b" }, { "reference_url": "https://github.com/symfony/symfony/issues/62921", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/issues/62921" }, { "reference_url": "https://github.com/symfony/symfony/pull/63164", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/pull/63164" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24739", "reference_id": "CVE-2026-24739", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24739" }, { "reference_url": "https://github.com/advisories/GHSA-r39x-jcww-82v6", "reference_id": "GHSA-r39x-jcww-82v6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r39x-jcww-82v6" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6", "reference_id": "GHSA-r39x-jcww-82v6", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/849316?format=api", "purl": "pkg:composer/symfony/symfony@7.4.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72495?format=api", "purl": "pkg:composer/symfony/symfony@5.4.51", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72496?format=api", "purl": "pkg:composer/symfony/symfony@6.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72497?format=api", "purl": "pkg:composer/symfony/symfony@7.3.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/72498?format=api", "purl": "pkg:composer/symfony/symfony@7.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/85029?format=api", "purl": "pkg:composer/symfony/symfony@8.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72499?format=api", "purl": "pkg:composer/symfony/symfony@8.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5" } ], "aliases": [ "CVE-2026-24739", "GHSA-r39x-jcww-82v6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkcs-2mjk-ubhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348259?format=api", "vulnerability_id": "VCID-htfn-2n6w-mkdv", "summary": "User enumeration in authentication mechanisms\nDescription\n-----------\n\nThe ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.\n\nResolution\n----------\n\nWe now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.\n\nCredits\n-------\n\nI would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.", "references": [ { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-g2qj-pmxm-9f8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-g2qj-pmxm-9f8f" }, { "reference_url": "https://github.com/advisories/GHSA-g2qj-pmxm-9f8f", "reference_id": "GHSA-g2qj-pmxm-9f8f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g2qj-pmxm-9f8f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/209858?format=api", "purl": "pkg:composer/symfony/symfony@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-2m2u-gjzs-cbbk" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-7pwc-t6vf-eyax" }, { "vulnerability": "VCID-93v3-vzkx-xqba" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-uvpz-6mss-9bgn" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8" } ], "aliases": [ "GHSA-g2qj-pmxm-9f8f", "GMS-2021-130", "GMS-2021-131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htfn-2n6w-mkdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20764?format=api", "vulnerability_id": "VCID-mqjv-9ptq-q3g9", "summary": "Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06307", "scoring_system": "epss", "scoring_elements": "0.91097", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500", "reference_id": "CVE-2025-64500", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500" }, { "reference_url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_id": "CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/849316?format=api", "purl": "pkg:composer/symfony/symfony@7.4.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70165?format=api", "purl": "pkg:composer/symfony/symfony@5.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70166?format=api", "purl": "pkg:composer/symfony/symfony@6.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70167?format=api", "purl": "pkg:composer/symfony/symfony@7.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7" } ], "aliases": [ "CVE-2025-64500", "GHSA-3rg7-wf37-54rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18796?format=api", "vulnerability_id": "VCID-mxta-zqzb-nfbv", "summary": "Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02419", "scoring_system": "epss", "scoring_elements": "0.85376", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54" }, { "reference_url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774", "reference_id": "1055774", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734" }, { "reference_url": "https://symfony.com/cve-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2023-46734" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml", "reference_id": "CVE-2023-46734.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/638026?format=api", "purl": "pkg:composer/symfony/symfony@6.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66487?format=api", "purl": "pkg:composer/symfony/symfony@5.4.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66488?format=api", "purl": "pkg:composer/symfony/symfony@6.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8" } ], "aliases": [ "CVE-2023-46734", "GHSA-q847-2q57-wmr3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16776?format=api", "vulnerability_id": "VCID-uvpz-6mss-9bgn", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06271", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895" }, { "reference_url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895" }, { "reference_url": "https://symfony.com/cve-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24895" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585196?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585208?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62601?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62602?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/62603?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/62604?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24895", "GHSA-3gv2-29qc-v67m", "GMS-2023-210", "GMS-2023-211" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpz-6mss-9bgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268520?format=api", "vulnerability_id": "VCID-yzth-mby6-fua5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.4803", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343" }, { "reference_url": "https://symfony.com/cve-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50343" }, { "reference_url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "GHSA-g3rh-rrhp-jhh9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187879?format=api", "purl": "pkg:composer/symfony/symfony@5.4.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/187880?format=api", "purl": "pkg:composer/symfony/symfony@6.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187881?format=api", "purl": "pkg:composer/symfony/symfony@7.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4" } ], "aliases": [ "CVE-2024-50343", "GHSA-g3rh-rrhp-jhh9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzth-mby6-fua5" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.5" }