Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/http-foundation@2.6.6
Typecomposer
Namespacesymfony
Namehttp-foundation
Version2.6.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.50
Latest_non_vulnerable_version7.3.7
Affected_by_vulnerabilities
0
url VCID-6kq8-5k4z-27f2
vulnerability_id VCID-6kq8-5k4z-27f2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60588
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
7
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
9
reference_url https://symfony.com/cve-2024-50345
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50345
10
reference_url https://url.spec.whatwg.org
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://url.spec.whatwg.org
11
reference_url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/http-foundation@7.2.0-BETA1
purl pkg:composer/symfony/http-foundation@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.2.0-BETA1
1
url pkg:composer/symfony/http-foundation@5.4.46
purl pkg:composer/symfony/http-foundation@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.46
2
url pkg:composer/symfony/http-foundation@6.4.14
purl pkg:composer/symfony/http-foundation@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.14
3
url pkg:composer/symfony/http-foundation@7.1.7
purl pkg:composer/symfony/http-foundation@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.1.7
aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2
1
url VCID-kx25-m1mp-zfay
vulnerability_id VCID-kx25-m1mp-zfay
summary 
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.78204
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
16
reference_url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11386
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.7.48
purl pkg:composer/symfony/http-foundation@2.7.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-kx25-m1mp-zfay
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.48
1
url pkg:composer/symfony/http-foundation@2.8.41
purl pkg:composer/symfony/http-foundation@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41
2
url pkg:composer/symfony/http-foundation@3.3.17
purl pkg:composer/symfony/http-foundation@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-kx25-m1mp-zfay
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-mqjv-9ptq-q3g9
6
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17
3
url pkg:composer/symfony/http-foundation@3.4.11
purl pkg:composer/symfony/http-foundation@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11
4
url pkg:composer/symfony/http-foundation@4.0.11
purl pkg:composer/symfony/http-foundation@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11
aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay
2
url VCID-mbd5-rsax-jya9
vulnerability_id VCID-mbd5-rsax-jya9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.85034
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
16
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
18
reference_url https://symfony.com/cve-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18888
19
reference_url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
20
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
21
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
22
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
23
reference_url https://github.com/advisories/GHSA-xhh6-956q-4q69
reference_id GHSA-xhh6-956q-4q69
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhh6-956q-4q69
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.52
purl pkg:composer/symfony/http-foundation@2.8.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-8y4h-6hx7-v3h5
2
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52
1
url pkg:composer/symfony/http-foundation@3.4.35
purl pkg:composer/symfony/http-foundation@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-8y4h-6hx7-v3h5
2
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35
2
url pkg:composer/symfony/http-foundation@4.2.12
purl pkg:composer/symfony/http-foundation@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-8y4h-6hx7-v3h5
2
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12
3
url pkg:composer/symfony/http-foundation@4.3.8
purl pkg:composer/symfony/http-foundation@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-8y4h-6hx7-v3h5
2
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8
aliases CVE-2019-18888, GHSA-xhh6-956q-4q69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9
3
url VCID-mqjv-9ptq-q3g9
vulnerability_id VCID-mqjv-9ptq-q3g9
summary 
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.06307
scoring_system epss
scoring_elements 0.91097
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
5
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
8
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/http-foundation@5.4.50
purl pkg:composer/symfony/http-foundation@5.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.50
1
url pkg:composer/symfony/http-foundation@6.4.29
purl pkg:composer/symfony/http-foundation@6.4.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.29
2
url pkg:composer/symfony/http-foundation@7.3.7
purl pkg:composer/symfony/http-foundation@7.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.3.7
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9
4
url VCID-yasp-usps-xkc3
vulnerability_id VCID-yasp-usps-xkc3
summary access restriction bypass
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.95038
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
10
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
11
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
12
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
13
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
14
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
15
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
16
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id CVE-2018-14773
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
18
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id CVE-2018-14773.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
20
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id CVE-2018-14773.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
21
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.7.49
purl pkg:composer/symfony/http-foundation@2.7.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49
1
url pkg:composer/symfony/http-foundation@2.8.44
purl pkg:composer/symfony/http-foundation@2.8.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44
2
url pkg:composer/symfony/http-foundation@3.3.18
purl pkg:composer/symfony/http-foundation@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18
3
url pkg:composer/symfony/http-foundation@3.4.14
purl pkg:composer/symfony/http-foundation@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14
4
url pkg:composer/symfony/http-foundation@4.0.14
purl pkg:composer/symfony/http-foundation@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14
5
url pkg:composer/symfony/http-foundation@4.1.3
purl pkg:composer/symfony/http-foundation@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-6kq8-5k4z-27f2
2
vulnerability VCID-8y4h-6hx7-v3h5
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3
Fixing_vulnerabilities
0
url VCID-vnku-f414-dyh9
vulnerability_id VCID-vnku-f414-dyh9
summary 
Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
1
reference_url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84
2
reference_url https://github.com/symfony/symfony/pull/14166
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/14166
3
reference_url https://symfony.com/cve-2015-2309
reference_id CVE-2015-2309
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2015-2309
4
reference_url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
reference_id CVE-2015-2309.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
reference_id CVE-2015-2309.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml
7
reference_url https://github.com/advisories/GHSA-p684-f7fh-jv2j
reference_id GHSA-p684-f7fh-jv2j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p684-f7fh-jv2j
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.3.27
purl pkg:composer/symfony/http-foundation@2.3.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-kx25-m1mp-zfay
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27
1
url pkg:composer/symfony/http-foundation@2.3.29
purl pkg:composer/symfony/http-foundation@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-hkeu-kzf7-67e6
2
vulnerability VCID-kx25-m1mp-zfay
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-mqjv-9ptq-q3g9
5
vulnerability VCID-ntme-svm1-5qd9
6
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.29
2
url pkg:composer/symfony/http-foundation@2.5.11
purl pkg:composer/symfony/http-foundation@2.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-kx25-m1mp-zfay
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11
3
url pkg:composer/symfony/http-foundation@2.6.6
purl pkg:composer/symfony/http-foundation@2.6.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-kx25-m1mp-zfay
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6
4
url pkg:composer/symfony/http-foundation@2.6.8
purl pkg:composer/symfony/http-foundation@2.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6kq8-5k4z-27f2
1
vulnerability VCID-kx25-m1mp-zfay
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-mqjv-9ptq-q3g9
4
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8
aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vnku-f414-dyh9
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6