Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/http-foundation@2.0.0

Type composer

Namespace symfony

Name http-foundation

Version 2.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.19

Latest_non_vulnerable_version 7.3.7

Affected_by_vulnerabilities

url VCID-4x2d-4vu2-y7h6

vulnerability_id VCID-4x2d-4vu2-y7h6

summary

Routes behind a firewall are accessible even when not logged in
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44618
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_url	https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
reference_id
reference_type
scores
url	https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.19

purl pkg:composer/symfony/http-foundation@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19

aliases CVE-2012-6431

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x2d-4vu2-y7h6

url VCID-hkeu-kzf7-67e6

vulnerability_id VCID-hkeu-kzf7-67e6

summary

Improper Authorization
Security issue when parsing the Authorization header.

references

reference_url	https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904

reference_url	https://github.com/symfony/symfony/pull/11829
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/pull/11829

reference_url	https://symfony.com/cve-2014-6061
reference_id	CVE-2014-6061
reference_type
scores
url	https://symfony.com/cve-2014-6061

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml
reference_id	CVE-2014-6061.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml
reference_id	CVE-2014-6061.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml

reference_url

https://github.com/advisories/GHSA-h7v2-2qwg-h829

reference_id

GHSA-h7v2-2qwg-h829

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7v2-2qwg-h829

fixed_packages

url	pkg:composer/symfony/http-foundation@2.5.0-BETA1
purl	pkg:composer/symfony/http-foundation@2.5.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1

url	pkg:composer/symfony/http-foundation@2.3.19
purl	pkg:composer/symfony/http-foundation@2.3.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19

url	pkg:composer/symfony/http-foundation@2.4.9
purl	pkg:composer/symfony/http-foundation@2.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9

url	pkg:composer/symfony/http-foundation@2.5.4
purl	pkg:composer/symfony/http-foundation@2.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4

url	pkg:composer/symfony/http-foundation@2.5.11
purl	pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

aliases CVE-2014-6061, GHSA-h7v2-2qwg-h829

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hkeu-kzf7-67e6

url VCID-kx25-m1mp-zfay

vulnerability_id VCID-kx25-m1mp-zfay

summary

Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11386

reference_id

reference_type

scores

value	0.01086
scoring_system	epss
scoring_elements	0.78204
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11386

reference_url	https://symfony.com/cve-2018-11386
reference_id	CVE-2018-11386
reference_type
scores
url	https://symfony.com/cve-2018-11386

fixed_packages

url	pkg:composer/symfony/http-foundation@2.8.41
purl	pkg:composer/symfony/http-foundation@2.8.41
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41

url	pkg:composer/symfony/http-foundation@3.4.11
purl	pkg:composer/symfony/http-foundation@3.4.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11

url	pkg:composer/symfony/http-foundation@4.0.11
purl	pkg:composer/symfony/http-foundation@4.0.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11

aliases CVE-2018-11386

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay

url VCID-mbd5-rsax-jya9

vulnerability_id VCID-mbd5-rsax-jya9

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_id

reference_type

scores

value	0.0231
scoring_system	epss
scoring_elements	0.85034
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_url	https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/

reference_url	https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
url	https://symfony.com/blog/symfony-4-3-8-released

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id	CVE-2019-18888
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-18888

reference_url	https://symfony.com/cve-2019-18888
reference_id	CVE-2019-18888
reference_type
scores
url	https://symfony.com/cve-2019-18888

reference_url	https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id	CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER
reference_type
scores
url	https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id	CVE-2019-18888.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id	CVE-2019-18888.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id	CVE-2019-18888.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml

reference_url

https://github.com/advisories/GHSA-xhh6-956q-4q69

reference_id

GHSA-xhh6-956q-4q69

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xhh6-956q-4q69

fixed_packages

url	pkg:composer/symfony/http-foundation@2.8.52
purl	pkg:composer/symfony/http-foundation@2.8.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52

url	pkg:composer/symfony/http-foundation@3.4.35
purl	pkg:composer/symfony/http-foundation@3.4.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35

url	pkg:composer/symfony/http-foundation@4.2.12
purl	pkg:composer/symfony/http-foundation@4.2.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12

url	pkg:composer/symfony/http-foundation@4.3.8
purl	pkg:composer/symfony/http-foundation@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8

aliases CVE-2019-18888, GHSA-xhh6-956q-4q69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9

url VCID-mczp-th6d-wbfr

vulnerability_id VCID-mczp-th6d-wbfr

summary

Information Exporure
`Request::getHost()` poisoning vulnerability in Symfony.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4752

reference_id

reference_type

scores

value	0.00928
scoring_system	epss
scoring_elements	0.76411
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4752

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86365
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86365

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86366
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86366

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86367
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86367

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86368
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86368

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86369
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86369

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86370
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86370

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86371
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86371

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86372
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86372

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86373
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86373

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86374
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/86374

reference_url	https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
url	https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

reference_url	https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715
reference_id
reference_type
scores
url	https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715

reference_url	http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
url	http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2013-4752
reference_id	CVE-2013-4752
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2013-4752

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml
reference_id	CVE-2013-4752.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml
reference_id	CVE-2013-4752.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml

reference_url

https://github.com/advisories/GHSA-22pv-7v9j-hqxp

reference_id

GHSA-22pv-7v9j-hqxp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-22pv-7v9j-hqxp

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.24

purl pkg:composer/symfony/http-foundation@2.0.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.24

url pkg:composer/symfony/http-foundation@2.1.12

purl pkg:composer/symfony/http-foundation@2.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.12

url pkg:composer/symfony/http-foundation@2.2.5

purl pkg:composer/symfony/http-foundation@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.5

url pkg:composer/symfony/http-foundation@2.3.3

purl pkg:composer/symfony/http-foundation@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.3

aliases CVE-2013-4752, GHSA-22pv-7v9j-hqxp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mczp-th6d-wbfr

url VCID-nrvb-8739-vkdf

vulnerability_id VCID-nrvb-8739-vkdf

summary

Information Exposure
`Request::getClientIp()` gives access to client IP when the trust proxy mode is enabled.

references

reference_url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4
reference_id
reference_type
scores
url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.20

purl pkg:composer/symfony/http-foundation@2.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.20

url pkg:composer/symfony/http-foundation@2.1.5

purl pkg:composer/symfony/http-foundation@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.5

url pkg:composer/symfony/http-foundation@2.0.19

purl pkg:composer/symfony/http-foundation@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19

url pkg:composer/symfony/http-foundation@2.1.4

purl pkg:composer/symfony/http-foundation@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.4

aliases GMS-2012-9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrvb-8739-vkdf

url VCID-ntme-svm1-5qd9

vulnerability_id VCID-ntme-svm1-5qd9

summary

Uncontrolled Resource Consumption
Denial of service with a malicious HTTP Host header.

references

reference_url	https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8

reference_url	https://github.com/symfony/symfony/pull/11828
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/pull/11828

reference_url	https://symfony.com/cve-2014-5244
reference_id	CVE-2014-5244
reference_type
scores
url	https://symfony.com/cve-2014-5244

reference_url	https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header
reference_id	CVE-2014-5244-DENIAL-OF-SERVICE-WITH-A-MALICIOUS-HTTP-HOST-HEADER
reference_type
scores
url	https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml
reference_id	CVE-2014-5244.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml
reference_id	CVE-2014-5244.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml

reference_url

https://github.com/advisories/GHSA-v77v-x634-9m56

reference_id

GHSA-v77v-x634-9m56

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v77v-x634-9m56

fixed_packages

url	pkg:composer/symfony/http-foundation@2.5.0-BETA1
purl	pkg:composer/symfony/http-foundation@2.5.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1

url	pkg:composer/symfony/http-foundation@2.3.19
purl	pkg:composer/symfony/http-foundation@2.3.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19

url	pkg:composer/symfony/http-foundation@2.4.9
purl	pkg:composer/symfony/http-foundation@2.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9

url	pkg:composer/symfony/http-foundation@2.5.4
purl	pkg:composer/symfony/http-foundation@2.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4

url	pkg:composer/symfony/http-foundation@2.5.11
purl	pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

aliases CVE-2014-5244, GHSA-v77v-x634-9m56

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntme-svm1-5qd9

url VCID-qsdk-vs65-kfgv

vulnerability_id VCID-qsdk-vs65-kfgv

summary Symfony2 security issue when the trust proxy mode is enabled

references

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml
reference_id
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml

reference_url	https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34
reference_id
reference_type
scores
url	https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34

reference_url	https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35
reference_id
reference_type
scores
url	https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35

reference_url	https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b

reference_url	https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97

reference_url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4
reference_id
reference_type
scores
url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4

reference_url

https://github.com/advisories/GHSA-vfm6-r2gc-pwww

reference_id

GHSA-vfm6-r2gc-pwww

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfm6-r2gc-pwww

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.19

purl pkg:composer/symfony/http-foundation@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19

url pkg:composer/symfony/http-foundation@2.1.4

purl pkg:composer/symfony/http-foundation@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hkeu-kzf7-67e6

vulnerability	VCID-mczp-th6d-wbfr

vulnerability	VCID-ntme-svm1-5qd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.4

aliases GHSA-vfm6-r2gc-pwww

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsdk-vs65-kfgv

url VCID-vnku-f414-dyh9

vulnerability_id VCID-vnku-f414-dyh9

summary

Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.

references

reference_url	https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84

reference_url	https://github.com/symfony/symfony/pull/14166
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/pull/14166

reference_url	https://symfony.com/cve-2015-2309
reference_id	CVE-2015-2309
reference_type
scores
url	https://symfony.com/cve-2015-2309

reference_url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id	CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
reference_id	CVE-2015-2309.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
reference_id	CVE-2015-2309.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml

reference_url

https://github.com/advisories/GHSA-p684-f7fh-jv2j

reference_id

GHSA-p684-f7fh-jv2j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p684-f7fh-jv2j

fixed_packages

url	pkg:composer/symfony/http-foundation@2.3.27
purl	pkg:composer/symfony/http-foundation@2.3.27
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27

url	pkg:composer/symfony/http-foundation@2.5.11
purl	pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

url	pkg:composer/symfony/http-foundation@2.6.6
purl	pkg:composer/symfony/http-foundation@2.6.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6

aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnku-f414-dyh9

url VCID-yasp-usps-xkc3

vulnerability_id VCID-yasp-usps-xkc3

summary access restriction bypass

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14773

reference_id

reference_type

scores

value	0.16652
scoring_system	epss
scoring_elements	0.95038
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14773

reference_url	https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b

reference_url	https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url	https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/May/21

reference_url	https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4441

reference_url	https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
url	https://www.drupal.org/SA-CORE-2018-005

reference_url	http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104943

reference_url	http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041405

reference_url

https://security.archlinux.org/AVG-744

reference_id

AVG-744

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-744

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id	CVE-2018-14773
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14773

reference_url	https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id	CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
url	https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id	CVE-2018-14773.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml

reference_url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id	CVE-2018-14773.YAML
reference_type
scores
url	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml

reference_url

https://github.com/advisories/GHSA-8wgj-6wx8-h5hq

reference_id

GHSA-8wgj-6wx8-h5hq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wgj-6wx8-h5hq

fixed_packages

url	pkg:composer/symfony/http-foundation@2.7.49
purl	pkg:composer/symfony/http-foundation@2.7.49
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49

url	pkg:composer/symfony/http-foundation@2.8.44
purl	pkg:composer/symfony/http-foundation@2.8.44
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44

url	pkg:composer/symfony/http-foundation@3.3.18
purl	pkg:composer/symfony/http-foundation@3.3.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18

url	pkg:composer/symfony/http-foundation@3.4.14
purl	pkg:composer/symfony/http-foundation@3.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14

url	pkg:composer/symfony/http-foundation@4.0.14
purl	pkg:composer/symfony/http-foundation@4.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14

url	pkg:composer/symfony/http-foundation@4.1.3
purl	pkg:composer/symfony/http-foundation@4.1.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3

aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.0

Package Instance