Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/symfony@2.2.0
Type composer
Namespace symfony
Name symfony
Version 2.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.2.5
Latest_non_vulnerable_version 8.0.5
Affected_by_vulnerabilities
0
url VCID-emn6-zmp1-yuhr
vulnerability_id VCID-emn6-zmp1-yuhr
summary
Information Exposure
`Request::getHost()` poisoning vulnerability in Symfony.
references
0
reference_url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
reference_id
reference_type
scores
url https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
fixed_packages
0
url pkg:composer/symfony/symfony@2.2.5
purl pkg:composer/symfony/symfony@2.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5
1
url pkg:composer/symfony/symfony@2.3.3
purl pkg:composer/symfony/symfony@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3
aliases CVE-2013-4752
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emn6-zmp1-yuhr
1
url VCID-rkap-39hu-abe9
vulnerability_id VCID-rkap-39hu-abe9
summary
Uncontrolled Resource Consumption
The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
references
0
reference_url https://github.com/symfony/polyfill/pull/155
reference_id
reference_type
scores
url https://github.com/symfony/polyfill/pull/155
1
reference_url https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
reference_id
reference_type
scores
url https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
fixed_packages
0
url pkg:composer/symfony/symfony@2.2.9
purl pkg:composer/symfony/symfony@2.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.9
1
url pkg:composer/symfony/symfony@2.3.6
purl pkg:composer/symfony/symfony@2.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.6
aliases CVE-2013-5958
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkap-39hu-abe9
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0