Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51232?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51232?format=api", "purl": "pkg:composer/symfony/symfony@2.0.0", "type": "composer", "namespace": "symfony", "name": "symfony", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.6", "latest_non_vulnerable_version": "8.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37724?format=api", "vulnerability_id": "VCID-2kf8-ugvv-tbb8", "summary": "Code Injection\nCode injection in the way Symfony implements translation caching in FrameworkBundle.", "references": [ { "reference_url": "https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51932?format=api", "purl": "pkg:composer/symfony/symfony@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51933?format=api", "purl": "pkg:composer/symfony/symfony@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4" } ], "aliases": [ "CVE-2014-4931" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kf8-ugvv-tbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46379?format=api", "vulnerability_id": "VCID-4f9e-eg67-cqbr", "summary": "Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.", "references": [ { "reference_url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54" }, { "reference_url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734" }, { "reference_url": "https://symfony.com/cve-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2023-46734" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml", "reference_id": "CVE-2023-46734.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67682?format=api", "purl": "pkg:composer/symfony/symfony@4.4.51", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/67676?format=api", "purl": "pkg:composer/symfony/symfony@5.4.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/67677?format=api", "purl": "pkg:composer/symfony/symfony@6.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8" } ], "aliases": [ "CVE-2023-46734", "GHSA-q847-2q57-wmr3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37476?format=api", "vulnerability_id": "VCID-86ct-zv8d-d3eb", "summary": "Routes behind a firewall are accessible even when not logged in\nSymfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51331?format=api", "purl": "pkg:composer/symfony/symfony@2.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19" } ], "aliases": [ "CVE-2012-6431" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86ct-zv8d-d3eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37477?format=api", "vulnerability_id": "VCID-8bg3-r2zm-kfht", "summary": "Code Injection\nSymfony, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a `/_internal` substring.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51347?format=api", "purl": "pkg:composer/symfony/symfony@2.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/51348?format=api", "purl": "pkg:composer/symfony/symfony@2.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.5" } ], "aliases": [ "CVE-2012-6432" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bg3-r2zm-kfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37424?format=api", "vulnerability_id": "VCID-8tk3-fzaa-pufq", "summary": "Improper Restriction of XML External Entity Reference\nXML decoding attack vector through external entities.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-11-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-11-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51233?format=api", "purl": "pkg:composer/symfony/symfony@2.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11" } ], "aliases": [ "GMS-2012-12" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tk3-fzaa-pufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44350?format=api", "vulnerability_id": "VCID-91hk-tdtv-x7fp", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894" }, { "reference_url": "https://symfony.com/cve-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2022-24894" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63770?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/63771?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/63772?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/63773?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63774?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24894", "GHSA-h7vf-5wrv-9fhv", "GMS-2023-209", "GMS-2023-212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48354?format=api", "vulnerability_id": "VCID-bhnt-pgq7-yya3", "summary": "Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.", "references": [ { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500", "reference_id": "CVE-2025-64500", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500" }, { "reference_url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_id": "CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71371?format=api", "purl": "pkg:composer/symfony/symfony@5.4.50", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/71372?format=api", "purl": "pkg:composer/symfony/symfony@6.4.29", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/71373?format=api", "purl": "pkg:composer/symfony/symfony@7.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7" } ], "aliases": [ "CVE-2025-64500", "GHSA-3rg7-wf37-54rm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37740?format=api", "vulnerability_id": "VCID-bktf-ejbt-2fds", "summary": "Cross-Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in the Web Profiler.", "references": [ { "reference_url": "https://symfony.com/cve-2014-6072", "reference_id": "CVE-2014-6072", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2014-6072" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51932?format=api", "purl": "pkg:composer/symfony/symfony@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51933?format=api", "purl": "pkg:composer/symfony/symfony@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4" } ], "aliases": [ "CVE-2014-6072" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bktf-ejbt-2fds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37702?format=api", "vulnerability_id": "VCID-bvc9-d1ns-33g6", "summary": "Code Injection\nThe `Yaml::parse` function in Symfony allows remote attackers to execute arbitrary PHP code via a PHP file.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51883?format=api", "purl": "pkg:composer/symfony/symfony@2.0.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22" } ], "aliases": [ "CVE-2013-1348" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvc9-d1ns-33g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44352?format=api", "vulnerability_id": "VCID-c3qr-9rv2-yqh9", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895" }, { "reference_url": "https://symfony.com/cve-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2022-24895" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63770?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/63771?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/63772?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/63773?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63774?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24895", "GHSA-3gv2-29qc-v67m", "GMS-2023-210", "GMS-2023-211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=api", "vulnerability_id": "VCID-ef86-hqv4-6kaz", "summary": "Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11406", "reference_id": "CVE-2018-11406", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55829?format=api", "purl": "pkg:composer/symfony/symfony@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37566?format=api", "vulnerability_id": "VCID-emn6-zmp1-yuhr", "summary": "Information Exporure\n`Request::getHost()` poisoning vulnerability in Symfony.", "references": [ { "reference_url": "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51543?format=api", "purl": "pkg:composer/symfony/symfony@2.0.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/51544?format=api", "purl": "pkg:composer/symfony/symfony@2.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/51545?format=api", "purl": "pkg:composer/symfony/symfony@2.2.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/51546?format=api", "purl": "pkg:composer/symfony/symfony@2.3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3" } ], "aliases": [ "CVE-2013-4752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emn6-zmp1-yuhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37741?format=api", "vulnerability_id": "VCID-hs5u-r1jg-tub5", "summary": "Improper Access Control\nDirect access of ESI URLs behind a trusted proxy.", "references": [ { "reference_url": "https://symfony.com/cve-2014-5245", "reference_id": "CVE-2014-5245", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2014-5245" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51932?format=api", "purl": "pkg:composer/symfony/symfony@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51933?format=api", "purl": "pkg:composer/symfony/symfony@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4" } ], "aliases": [ "CVE-2014-5245" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5u-r1jg-tub5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37453?format=api", "vulnerability_id": "VCID-kysh-mfs1-3fad", "summary": "Improper Restriction of XML External Entity Reference\nSecurity fixes related to the way XML is handled.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-17-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-17-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51290?format=api", "purl": "pkg:composer/symfony/symfony@2.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17" } ], "aliases": [ "GMS-2012-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kysh-mfs1-3fad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37464?format=api", "vulnerability_id": "VCID-mzqs-3tyf-m7ec", "summary": "Improper Privilege Management\nVulnerability in the `EntityUserProvider` as provided in the Doctrine bridge.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51319?format=api", "purl": "pkg:composer/symfony/symfony@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6" } ], "aliases": [ "GMS-2011-5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzqs-3tyf-m7ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39968?format=api", "vulnerability_id": "VCID-nsuz-7sdv-abef", "summary": "Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11386", "reference_id": "CVE-2018-11386", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11386" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55829?format=api", "purl": "pkg:composer/symfony/symfony@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11386" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37742?format=api", "vulnerability_id": "VCID-p131-pv18-ykht", "summary": "Improper Authorization\nSecurity issue when parsing the Authorization header.", "references": [ { "reference_url": "https://symfony.com/cve-2014-6061", "reference_id": "CVE-2014-6061", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2014-6061" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51932?format=api", "purl": "pkg:composer/symfony/symfony@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51933?format=api", "purl": "pkg:composer/symfony/symfony@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4" } ], "aliases": [ "CVE-2014-6061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p131-pv18-ykht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37743?format=api", "vulnerability_id": "VCID-pxwk-7vcf-m7f5", "summary": "Uncontrolled Resource Consumption\nDenial of service with a malicious HTTP Host header.", "references": [ { "reference_url": "https://symfony.com/cve-2014-5244", "reference_id": "CVE-2014-5244", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2014-5244" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51932?format=api", "purl": "pkg:composer/symfony/symfony@2.4.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51933?format=api", "purl": "pkg:composer/symfony/symfony@2.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mtb5-t6y4-w3eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4" } ], "aliases": [ "CVE-2014-5244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pxwk-7vcf-m7f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40154?format=api", "vulnerability_id": "VCID-qqd1-smb1-sbe8", "summary": "URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.", "references": [ { "reference_url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers", "reference_id": "CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56269?format=api", "purl": "pkg:composer/symfony/symfony@2.8.44", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/56270?format=api", "purl": "pkg:composer/symfony/symfony@3.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/56271?format=api", "purl": "pkg:composer/symfony/symfony@4.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/56272?format=api", "purl": "pkg:composer/symfony/symfony@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3" } ], "aliases": [ "CVE-2018-14773" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37785?format=api", "vulnerability_id": "VCID-rkap-39hu-abe9", "summary": "Uncontrolled Resource Consumption\nThe Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.", "references": [ { "reference_url": "https://github.com/symfony/polyfill/pull/155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/polyfill/pull/155" }, { "reference_url": "https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52106?format=api", "purl": "pkg:composer/symfony/symfony@2.0.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/52107?format=api", "purl": "pkg:composer/symfony/symfony@2.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52108?format=api", "purl": "pkg:composer/symfony/symfony@2.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52109?format=api", "purl": "pkg:composer/symfony/symfony@2.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.6" } ], "aliases": [ "CVE-2013-5958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkap-39hu-abe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37469?format=api", "vulnerability_id": "VCID-va3n-eg8b-guff", "summary": "Information Exposure\nRequest::getClientIp() when the trust proxy mode is enabled.", "references": [ { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51331?format=api", "purl": "pkg:composer/symfony/symfony@2.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/51332?format=api", "purl": "pkg:composer/symfony/symfony@2.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4" } ], "aliases": [ "GMS-2012-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-va3n-eg8b-guff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=api", "vulnerability_id": "VCID-vyug-krcw-jyef", "summary": "Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.", "references": [ { "reference_url": "https://symfony.com/cve-2018-11385", "reference_id": "CVE-2018-11385", "reference_type": "", "scores": [], "url": "https://symfony.com/cve-2018-11385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55829?format=api", "purl": "pkg:composer/symfony/symfony@2.8.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0" }