Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@2.8.6
Typecomposer
Namespacesymfony
Namesymfony
Version2.8.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.52
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-59sy-m44r-h3gn
vulnerability_id VCID-59sy-m44r-h3gn
summary 
SQL Injection
In Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49262
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
1
reference_url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
reference_id CVE-2019-10913
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
3
reference_url https://symfony.com/cve-2019-10913
reference_id CVE-2019-10913
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10913
4
reference_url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
reference_id CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
reference_id CVE-2019-10913.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
reference_id CVE-2019-10913.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
7
reference_url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
reference_id GHSA-x92h-wmg2-6hp7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.50
purl pkg:composer/symfony/symfony@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50
1
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
2
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
3
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
1
vulnerability VCID-kw21-fsjq-mbb4
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-wnu2-cmrt-bkhr
4
vulnerability VCID-x8xk-7pga-33hz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10913, GHSA-x92h-wmg2-6hp7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-59sy-m44r-h3gn
1
url VCID-5txj-xsnq-ducf
vulnerability_id VCID-5txj-xsnq-ducf
summary 
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.58042
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10909
1
reference_url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2
2
reference_url https://www.drupal.org/sa-core-2019-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2019-005
3
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10909
5
reference_url https://symfony.com/cve-2019-10909
reference_id CVE-2019-10909
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10909
6
reference_url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
reference_id CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
reference_id CVE-2019-10909.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml
11
reference_url https://github.com/advisories/GHSA-g996-q5r8-w7g2
reference_id GHSA-g996-q5r8-w7g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g996-q5r8-w7g2
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.50
purl pkg:composer/symfony/symfony@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50
1
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
2
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
3
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
1
vulnerability VCID-kw21-fsjq-mbb4
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-wnu2-cmrt-bkhr
4
vulnerability VCID-x8xk-7pga-33hz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5txj-xsnq-ducf
2
url VCID-6bdp-9ng3-uyb1
vulnerability_id VCID-6bdp-9ng3-uyb1
summary 
Cross-site Scripting
The debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18343
reference_id
reference_type
scores
0
value 0.00504
scoring_system epss
scoring_elements 0.66483
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18343
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18343
reference_id CVE-2017-18343
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-18343
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.26
purl pkg:composer/symfony/symfony@2.8.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-d814-yjkr-p3ga
6
vulnerability VCID-fytq-6ane-hyf7
7
vulnerability VCID-g8cq-v4et-cue4
8
vulnerability VCID-kx25-m1mp-zfay
9
vulnerability VCID-m1y3-csp4-aqe4
10
vulnerability VCID-mbd5-rsax-jya9
11
vulnerability VCID-n1c7-yabu-jye7
12
vulnerability VCID-n4kq-nskp-1qar
13
vulnerability VCID-tpgm-tx2g-4bh2
14
vulnerability VCID-vysf-2cxd-zqe2
15
vulnerability VCID-w8s1-z3hu-8beh
16
vulnerability VCID-wnu2-cmrt-bkhr
17
vulnerability VCID-yasp-usps-xkc3
18
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26
1
url pkg:composer/symfony/symfony@3.2.13
purl pkg:composer/symfony/symfony@3.2.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-d814-yjkr-p3ga
6
vulnerability VCID-fytq-6ane-hyf7
7
vulnerability VCID-g8cq-v4et-cue4
8
vulnerability VCID-h377-gc9v-abep
9
vulnerability VCID-kx25-m1mp-zfay
10
vulnerability VCID-m1y3-csp4-aqe4
11
vulnerability VCID-mbd5-rsax-jya9
12
vulnerability VCID-n1c7-yabu-jye7
13
vulnerability VCID-n4kq-nskp-1qar
14
vulnerability VCID-tpgm-tx2g-4bh2
15
vulnerability VCID-w8s1-z3hu-8beh
16
vulnerability VCID-wnu2-cmrt-bkhr
17
vulnerability VCID-x8xk-7pga-33hz
18
vulnerability VCID-yasp-usps-xkc3
19
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13
2
url pkg:composer/symfony/symfony@3.3.6
purl pkg:composer/symfony/symfony@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-d814-yjkr-p3ga
6
vulnerability VCID-fytq-6ane-hyf7
7
vulnerability VCID-g8cq-v4et-cue4
8
vulnerability VCID-h377-gc9v-abep
9
vulnerability VCID-kx25-m1mp-zfay
10
vulnerability VCID-m1y3-csp4-aqe4
11
vulnerability VCID-mbd5-rsax-jya9
12
vulnerability VCID-n1c7-yabu-jye7
13
vulnerability VCID-n4kq-nskp-1qar
14
vulnerability VCID-tpgm-tx2g-4bh2
15
vulnerability VCID-vysf-2cxd-zqe2
16
vulnerability VCID-w8s1-z3hu-8beh
17
vulnerability VCID-wnu2-cmrt-bkhr
18
vulnerability VCID-x8xk-7pga-33hz
19
vulnerability VCID-yasp-usps-xkc3
20
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6
aliases CVE-2017-18343
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bdp-9ng3-uyb1
3
url VCID-7cdk-bmdh-2fde
vulnerability_id VCID-7cdk-bmdh-2fde
summary 
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.3992
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
19
reference_url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
20
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
21
reference_url https://symfony.com/cve-2018-11406
reference_id CVE-2018-11406
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11406
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.41
purl pkg:composer/symfony/symfony@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41
1
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
2
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
3
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-yasp-usps-xkc3
11
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11406, GHSA-g4g7-q726-v5hg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cdk-bmdh-2fde
4
url VCID-8627-nvyk-w7fu
vulnerability_id VCID-8627-nvyk-w7fu
summary 
URL Redirection to Untrusted Site (Open Redirect)
The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11408
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54181
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11408
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8
5
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11408
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11408
10
reference_url https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
11
reference_url https://symfony.com/cve-2018-11408
reference_id CVE-2018-11408
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11408
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.41
purl pkg:composer/symfony/symfony@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41
1
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
2
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
3
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-yasp-usps-xkc3
11
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11408, GHSA-7hwc-2cq4-6x2w
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8627-nvyk-w7fu
5
url VCID-a9gt-63v3-vbdf
vulnerability_id VCID-a9gt-63v3-vbdf
summary 
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
reference_id
reference_type
scores
0
value 0.00869
scoring_system epss
scoring_elements 0.75497
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c
5
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19789
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19789
10
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
11
reference_url https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path
12
reference_url https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249
13
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
14
reference_url https://symfony.com/cve-2018-19789
reference_id CVE-2018-19789
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-19789
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.49
purl pkg:composer/symfony/symfony@2.8.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.49
1
url pkg:composer/symfony/symfony@3.4.20
purl pkg:composer/symfony/symfony@3.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20
2
url pkg:composer/symfony/symfony@4.0.15
purl pkg:composer/symfony/symfony@4.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15
3
url pkg:composer/symfony/symfony@4.1.9
purl pkg:composer/symfony/symfony@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-wnu2-cmrt-bkhr
7
vulnerability VCID-x8xk-7pga-33hz
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9
4
url pkg:composer/symfony/symfony@4.2.1
purl pkg:composer/symfony/symfony@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-kw21-fsjq-mbb4
4
vulnerability VCID-m1y3-csp4-aqe4
5
vulnerability VCID-mbd5-rsax-jya9
6
vulnerability VCID-n1c7-yabu-jye7
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1
aliases CVE-2018-19789, GHSA-x3cf-w64x-4cp2
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9gt-63v3-vbdf
6
url VCID-d814-yjkr-p3ga
vulnerability_id VCID-d814-yjkr-p3ga
summary 
Attacker can read all files content on the server
When a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the `$_POST` array in plain PHP) and uploaded files data (known as the `$_FILES` array in plain PHP) into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a `FileType` is sent as normal `POST` data that could be interpreted as a locale file path on the server-side (for example, `file:///etc/passwd`). If the application did not perform any additional checks about the value submitted to the `FileType`, the contents of the given file on the server could have been exposed to the attacker.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16790
reference_id
reference_type
scores
0
value 0.00686
scoring_system epss
scoring_elements 0.7204
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16790
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml
12
reference_url https://github.com/symfony/form
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/form
13
reference_url https://github.com/symfony/symfony/pull/24993
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/24993
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16790
15
reference_url https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
16
reference_url https://symfony.com/cve-2017-16790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16790
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
reference_id CVE-2017-16790-ENSURE-THAT-SUBMITTED-DATA-ARE-UPLOADED-FILES
reference_type
scores
url http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.31
purl pkg:composer/symfony/symfony@2.8.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.31
1
url pkg:composer/symfony/symfony@3.2.14
purl pkg:composer/symfony/symfony@3.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-x8xk-7pga-33hz
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14
2
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
3
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
4
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16790, GHSA-cqqh-94r6-wjrg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d814-yjkr-p3ga
7
url VCID-fytq-6ane-hyf7
vulnerability_id VCID-fytq-6ane-hyf7
summary `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44839
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/pull/24995
reference_id
reference_type
scores
url https://github.com/symfony/symfony/pull/24995
15
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
17
reference_url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
18
reference_url https://symfony.com/cve-2017-16652
reference_id CVE-2017-16652
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16652
19
reference_url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS
reference_type
scores
url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.31
purl pkg:composer/symfony/symfony@2.8.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.31
1
url pkg:composer/symfony/symfony@3.2.14
purl pkg:composer/symfony/symfony@3.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-x8xk-7pga-33hz
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14
2
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
3
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
4
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16652, GHSA-r7p7-qr7p-2rrf
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fytq-6ane-hyf7
8
url VCID-g8cq-v4et-cue4
vulnerability_id VCID-g8cq-v4et-cue4
summary 
An attacker can navigate to arbitrary directories via the dot-dot-slash attack
This package includes various bundle readers that are used to read resource bundles from the local filesystem. The `read()` methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a `URL` parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16654
reference_id
reference_type
scores
0
value 0.00543
scoring_system epss
scoring_elements 0.68025
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/pull/24994
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/24994
14
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16654
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16654
16
reference_url https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
17
reference_url https://symfony.com/cve-2017-16654
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16654
18
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
19
reference_url http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
reference_id CVE-2017-16654-INTL-BUNDLE-READERS-BREAKING-OUT-OF-PATHS
reference_type
scores
url http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.31
purl pkg:composer/symfony/symfony@2.8.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.31
1
url pkg:composer/symfony/symfony@3.2.14
purl pkg:composer/symfony/symfony@3.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-x8xk-7pga-33hz
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14
2
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
3
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
4
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16654, GHSA-c49r-8gj6-768r
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8cq-v4et-cue4
9
url VCID-kx25-m1mp-zfay
vulnerability_id VCID-kx25-m1mp-zfay
summary 
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.78204
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
16
reference_url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11386
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.41
purl pkg:composer/symfony/symfony@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41
1
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
2
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
3
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-yasp-usps-xkc3
11
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay
10
url VCID-m1y3-csp4-aqe4
vulnerability_id VCID-m1y3-csp4-aqe4
summary 
Deserialization of Untrusted Data
In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
reference_id
reference_type
scores
0
value 0.01116
scoring_system epss
scoring_elements 0.78513
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
1
reference_url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
34
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
35
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-016
36
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
37
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
39
reference_url https://symfony.com/cve-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10912
40
reference_url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
reference_id CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
41
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
42
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
43
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
44
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
45
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
46
reference_url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
reference_id GHSA-w2fr-65vp-mxw3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.50
purl pkg:composer/symfony/symfony@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50
1
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
2
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
3
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
1
vulnerability VCID-kw21-fsjq-mbb4
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-wnu2-cmrt-bkhr
4
vulnerability VCID-x8xk-7pga-33hz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10912, GHSA-w2fr-65vp-mxw3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y3-csp4-aqe4
11
url VCID-mbd5-rsax-jya9
vulnerability_id VCID-mbd5-rsax-jya9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.85034
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
1
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
14
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
16
reference_url https://symfony.com/cve-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18888
17
reference_url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
18
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
20
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id CVE-2019-18888.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
21
reference_url https://github.com/advisories/GHSA-xhh6-956q-4q69
reference_id GHSA-xhh6-956q-4q69
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhh6-956q-4q69
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.52
purl pkg:composer/symfony/symfony@2.8.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52
1
url pkg:composer/symfony/symfony@3.4.35
purl pkg:composer/symfony/symfony@3.4.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35
2
url pkg:composer/symfony/symfony@4.2.12
purl pkg:composer/symfony/symfony@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12
3
url pkg:composer/symfony/symfony@4.3.8
purl pkg:composer/symfony/symfony@4.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8
aliases CVE-2019-18888, GHSA-xhh6-956q-4q69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9
12
url VCID-n1c7-yabu-jye7
vulnerability_id VCID-n1c7-yabu-jye7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10910
reference_id
reference_type
scores
0
value 0.11901
scoring_system epss
scoring_elements 0.93864
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10910
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb
3
reference_url https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b
4
reference_url https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b
5
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10910
reference_id CVE-2019-10910
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10910
7
reference_url https://symfony.com/cve-2019-10910
reference_id CVE-2019-10910
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10910
8
reference_url https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
reference_id CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
reference_id CVE-2019-10910.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml
12
reference_url https://github.com/advisories/GHSA-pgwj-prpq-jpc2
reference_id GHSA-pgwj-prpq-jpc2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgwj-prpq-jpc2
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.50
purl pkg:composer/symfony/symfony@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50
1
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
2
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
3
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
1
vulnerability VCID-kw21-fsjq-mbb4
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-wnu2-cmrt-bkhr
4
vulnerability VCID-x8xk-7pga-33hz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10910, GHSA-pgwj-prpq-jpc2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1c7-yabu-jye7
13
url VCID-n4kq-nskp-1qar
vulnerability_id VCID-n4kq-nskp-1qar
summary 
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
reference_id
reference_type
scores
0
value 0.00904
scoring_system epss
scoring_elements 0.76054
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
14
reference_url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
15
reference_url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
16
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
21
reference_url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
22
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
23
reference_url https://symfony.com/cve-2018-11385
reference_id CVE-2018-11385
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11385
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.41
purl pkg:composer/symfony/symfony@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41
1
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
2
url pkg:composer/symfony/symfony@3.4.11
purl pkg:composer/symfony/symfony@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11
3
url pkg:composer/symfony/symfony@4.0.11
purl pkg:composer/symfony/symfony@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-vysf-2cxd-zqe2
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-yasp-usps-xkc3
11
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11
aliases CVE-2018-11385, GHSA-g4rg-rw65-8hfg
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kq-nskp-1qar
14
url VCID-tpgm-tx2g-4bh2
vulnerability_id VCID-tpgm-tx2g-4bh2
summary 
Improper Authentication
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33923
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
6
reference_url https://github.com/symfony/symfony/pull/27377
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/27377
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
8
reference_url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
9
reference_url https://symfony.com/cve-2018-11407
reference_id CVE-2018-11407
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11407
10
reference_url https://usn.ubuntu.com/USN-4836-1/
reference_id USN-USN-4836-1
reference_type
scores
url https://usn.ubuntu.com/USN-4836-1/
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.37
purl pkg:composer/symfony/symfony@2.8.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-vysf-2cxd-zqe2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-yasp-usps-xkc3
14
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.37
1
url pkg:composer/symfony/symfony@3.3.17
purl pkg:composer/symfony/symfony@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-tpgm-tx2g-4bh2
11
vulnerability VCID-vysf-2cxd-zqe2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-x8xk-7pga-33hz
15
vulnerability VCID-yasp-usps-xkc3
16
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17
2
url pkg:composer/symfony/symfony@3.4.7
purl pkg:composer/symfony/symfony@3.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-vysf-2cxd-zqe2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-yasp-usps-xkc3
14
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7
3
url pkg:composer/symfony/symfony@4.0.7
purl pkg:composer/symfony/symfony@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-7cdk-bmdh-2fde
3
vulnerability VCID-8627-nvyk-w7fu
4
vulnerability VCID-a9gt-63v3-vbdf
5
vulnerability VCID-kx25-m1mp-zfay
6
vulnerability VCID-m1y3-csp4-aqe4
7
vulnerability VCID-mbd5-rsax-jya9
8
vulnerability VCID-n1c7-yabu-jye7
9
vulnerability VCID-n4kq-nskp-1qar
10
vulnerability VCID-vysf-2cxd-zqe2
11
vulnerability VCID-w8s1-z3hu-8beh
12
vulnerability VCID-wnu2-cmrt-bkhr
13
vulnerability VCID-x8xk-7pga-33hz
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7
aliases CVE-2018-11407, GHSA-35c5-28pg-2qg4
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpgm-tx2g-4bh2
15
url VCID-vysf-2cxd-zqe2
vulnerability_id VCID-vysf-2cxd-zqe2
summary 
Improper Input Validation
An issue was discovered in `HttpKernel` in Symfony When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14774
reference_id
reference_type
scores
0
value 0.00153
scoring_system epss
scoring_elements 0.35752
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14774
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a
3
reference_url https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337
4
reference_url https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956
5
reference_url https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982
6
reference_url https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba
7
reference_url https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922
8
reference_url https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
reference_id CVE-2018-14774
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.44
purl pkg:composer/symfony/symfony@2.8.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44
1
url pkg:composer/symfony/symfony@3.3.18
purl pkg:composer/symfony/symfony@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18
2
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
3
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
4
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-k3e5-c9kc-sqg1
4
vulnerability VCID-m1y3-csp4-aqe4
5
vulnerability VCID-mbd5-rsax-jya9
6
vulnerability VCID-n1c7-yabu-jye7
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14774, GHSA-66p6-7p29-55p9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vysf-2cxd-zqe2
16
url VCID-w8s1-z3hu-8beh
vulnerability_id VCID-w8s1-z3hu-8beh
summary 
URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19790
reference_id
reference_type
scores
0
value 0.00447
scoring_system epss
scoring_elements 0.638
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19790
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b
6
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19790
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19790
14
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
15
reference_url https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http
16
reference_url https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249
17
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
18
reference_url http://www.securityfocus.com/bid/106249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106249
19
reference_url https://symfony.com/cve-2018-19790
reference_id CVE-2018-19790
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-19790
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.49
purl pkg:composer/symfony/symfony@2.8.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.49
1
url pkg:composer/symfony/symfony@3.4.20
purl pkg:composer/symfony/symfony@3.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20
2
url pkg:composer/symfony/symfony@4.0.15
purl pkg:composer/symfony/symfony@4.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-m1y3-csp4-aqe4
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n1c7-yabu-jye7
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15
3
url pkg:composer/symfony/symfony@4.1.9
purl pkg:composer/symfony/symfony@4.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-wnu2-cmrt-bkhr
7
vulnerability VCID-x8xk-7pga-33hz
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9
4
url pkg:composer/symfony/symfony@4.2.1
purl pkg:composer/symfony/symfony@4.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-kw21-fsjq-mbb4
4
vulnerability VCID-m1y3-csp4-aqe4
5
vulnerability VCID-mbd5-rsax-jya9
6
vulnerability VCID-n1c7-yabu-jye7
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1
aliases CVE-2018-19790, GHSA-89r2-5g34-2g47
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8s1-z3hu-8beh
17
url VCID-wnu2-cmrt-bkhr
vulnerability_id VCID-wnu2-cmrt-bkhr
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
reference_id
reference_type
scores
0
value 0.00813
scoring_system epss
scoring_elements 0.74565
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18887
1
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
14
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
reference_id CVE-2019-18887
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18887
16
reference_url https://symfony.com/cve-2019-18887
reference_id CVE-2019-18887
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18887
17
reference_url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
reference_id CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
18
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
reference_id CVE-2019-18887.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml
19
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
reference_id CVE-2019-18887.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml
20
reference_url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
reference_id GHSA-q8hg-pf8v-cxrv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q8hg-pf8v-cxrv
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.52
purl pkg:composer/symfony/symfony@2.8.52
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52
1
url pkg:composer/symfony/symfony@3.4.35
purl pkg:composer/symfony/symfony@3.4.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35
2
url pkg:composer/symfony/symfony@4.2.12
purl pkg:composer/symfony/symfony@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12
3
url pkg:composer/symfony/symfony@4.3.8
purl pkg:composer/symfony/symfony@4.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8
aliases CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnu2-cmrt-bkhr
18
url VCID-yasp-usps-xkc3
vulnerability_id VCID-yasp-usps-xkc3
summary access restriction bypass
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.95038
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
2
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
3
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
4
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
5
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
6
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
7
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
8
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id CVE-2018-14773
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
10
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id CVE-2018-14773.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id CVE-2018-14773.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
13
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.44
purl pkg:composer/symfony/symfony@2.8.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44
1
url pkg:composer/symfony/symfony@3.3.18
purl pkg:composer/symfony/symfony@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-yasp-usps-xkc3
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18
2
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
3
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-n1c7-yabu-jye7
6
vulnerability VCID-w8s1-z3hu-8beh
7
vulnerability VCID-wnu2-cmrt-bkhr
8
vulnerability VCID-x8xk-7pga-33hz
9
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
4
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-a9gt-63v3-vbdf
3
vulnerability VCID-k3e5-c9kc-sqg1
4
vulnerability VCID-m1y3-csp4-aqe4
5
vulnerability VCID-mbd5-rsax-jya9
6
vulnerability VCID-n1c7-yabu-jye7
7
vulnerability VCID-w8s1-z3hu-8beh
8
vulnerability VCID-wnu2-cmrt-bkhr
9
vulnerability VCID-x8xk-7pga-33hz
10
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3
19
url VCID-zmrn-3fbj-gqcm
vulnerability_id VCID-zmrn-3fbj-gqcm
summary 
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50816
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
3
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
reference_id CVE-2019-10911
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
5
reference_url https://symfony.com/cve-2019-10911
reference_id CVE-2019-10911
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10911
6
reference_url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
reference_id CVE-2019-10911-ADD-A-SEPARATOR-IN-THE-REMEMBER-ME-COOKIE-HASH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
reference_id CVE-2019-10911.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
reference_id CVE-2019-10911.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
reference_id CVE-2019-10911.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
10
reference_url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
reference_id GHSA-cchx-mfrc-fwqr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.50
purl pkg:composer/symfony/symfony@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50
1
url pkg:composer/symfony/symfony@3.4.26
purl pkg:composer/symfony/symfony@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbd5-rsax-jya9
1
vulnerability VCID-wnu2-cmrt-bkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26
2
url pkg:composer/symfony/symfony@4.1.12
purl pkg:composer/symfony/symfony@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-k3e5-c9kc-sqg1
3
vulnerability VCID-m1y3-csp4-aqe4
4
vulnerability VCID-mbd5-rsax-jya9
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-x8xk-7pga-33hz
7
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12
3
url pkg:composer/symfony/symfony@4.2.7
purl pkg:composer/symfony/symfony@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k3e5-c9kc-sqg1
1
vulnerability VCID-kw21-fsjq-mbb4
2
vulnerability VCID-mbd5-rsax-jya9
3
vulnerability VCID-wnu2-cmrt-bkhr
4
vulnerability VCID-x8xk-7pga-33hz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7
aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmrn-3fbj-gqcm
Fixing_vulnerabilities
0
url VCID-rq6s-h7p6-b3f1
vulnerability_id VCID-rq6s-h7p6-b3f1
summary 
Unauthorized access on a misconfigured LDAP server
There's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-2403
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35788
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-2403
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml
12
reference_url https://github.com/symfony/symfony/pull/18736
reference_id
reference_type
scores
url https://github.com/symfony/symfony/pull/18736
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2403
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-2403
14
reference_url https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137
15
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
16
reference_url https://symfony.com/cve-2016-2403
reference_id CVE-2016-2403
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2016-2403
17
reference_url http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
reference_id CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.6
purl pkg:composer/symfony/symfony@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-6bdp-9ng3-uyb1
3
vulnerability VCID-7cdk-bmdh-2fde
4
vulnerability VCID-8627-nvyk-w7fu
5
vulnerability VCID-a9gt-63v3-vbdf
6
vulnerability VCID-d814-yjkr-p3ga
7
vulnerability VCID-fytq-6ane-hyf7
8
vulnerability VCID-g8cq-v4et-cue4
9
vulnerability VCID-kx25-m1mp-zfay
10
vulnerability VCID-m1y3-csp4-aqe4
11
vulnerability VCID-mbd5-rsax-jya9
12
vulnerability VCID-n1c7-yabu-jye7
13
vulnerability VCID-n4kq-nskp-1qar
14
vulnerability VCID-tpgm-tx2g-4bh2
15
vulnerability VCID-vysf-2cxd-zqe2
16
vulnerability VCID-w8s1-z3hu-8beh
17
vulnerability VCID-wnu2-cmrt-bkhr
18
vulnerability VCID-yasp-usps-xkc3
19
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6
1
url pkg:composer/symfony/symfony@3.0.6
purl pkg:composer/symfony/symfony@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-6bdp-9ng3-uyb1
3
vulnerability VCID-7cdk-bmdh-2fde
4
vulnerability VCID-8627-nvyk-w7fu
5
vulnerability VCID-a9gt-63v3-vbdf
6
vulnerability VCID-kx25-m1mp-zfay
7
vulnerability VCID-m1y3-csp4-aqe4
8
vulnerability VCID-mbd5-rsax-jya9
9
vulnerability VCID-n1c7-yabu-jye7
10
vulnerability VCID-n4kq-nskp-1qar
11
vulnerability VCID-tpgm-tx2g-4bh2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6
aliases CVE-2016-2403, GHSA-wvj5-r78r-hhfq
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq6s-h7p6-b3f1
1
url VCID-zqk8-27jq-j7dx
vulnerability_id VCID-zqk8-27jq-j7dx
summary 
CVE-2016-4423: Large username storage in session
The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4423
reference_id
reference_type
scores
0
value 0.01435
scoring_system epss
scoring_elements 0.81005
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4423
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/pull/18733
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/18733
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4423
7
reference_url https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
8
reference_url http://www.debian.org/security/2016/dsa-3588
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2016/dsa-3588
9
reference_url https://symfony.com/cve-2016-4423
reference_id CVE-2016-4423
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2016-4423
10
reference_url http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
reference_id CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION
reference_type
scores
url http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
fixed_packages
0
url pkg:composer/symfony/symfony@2.3.41
purl pkg:composer/symfony/symfony@2.3.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6bdp-9ng3-uyb1
1
vulnerability VCID-7cdk-bmdh-2fde
2
vulnerability VCID-kx25-m1mp-zfay
3
vulnerability VCID-mbd5-rsax-jya9
4
vulnerability VCID-n4kq-nskp-1qar
5
vulnerability VCID-wnu2-cmrt-bkhr
6
vulnerability VCID-yasp-usps-xkc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.41
1
url pkg:composer/symfony/symfony@2.7.13
purl pkg:composer/symfony/symfony@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-6bdp-9ng3-uyb1
3
vulnerability VCID-7cdk-bmdh-2fde
4
vulnerability VCID-d814-yjkr-p3ga
5
vulnerability VCID-fytq-6ane-hyf7
6
vulnerability VCID-g8cq-v4et-cue4
7
vulnerability VCID-h377-gc9v-abep
8
vulnerability VCID-kx25-m1mp-zfay
9
vulnerability VCID-mbd5-rsax-jya9
10
vulnerability VCID-n1c7-yabu-jye7
11
vulnerability VCID-n4kq-nskp-1qar
12
vulnerability VCID-vysf-2cxd-zqe2
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13
2
url pkg:composer/symfony/symfony@2.8.6
purl pkg:composer/symfony/symfony@2.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-6bdp-9ng3-uyb1
3
vulnerability VCID-7cdk-bmdh-2fde
4
vulnerability VCID-8627-nvyk-w7fu
5
vulnerability VCID-a9gt-63v3-vbdf
6
vulnerability VCID-d814-yjkr-p3ga
7
vulnerability VCID-fytq-6ane-hyf7
8
vulnerability VCID-g8cq-v4et-cue4
9
vulnerability VCID-kx25-m1mp-zfay
10
vulnerability VCID-m1y3-csp4-aqe4
11
vulnerability VCID-mbd5-rsax-jya9
12
vulnerability VCID-n1c7-yabu-jye7
13
vulnerability VCID-n4kq-nskp-1qar
14
vulnerability VCID-tpgm-tx2g-4bh2
15
vulnerability VCID-vysf-2cxd-zqe2
16
vulnerability VCID-w8s1-z3hu-8beh
17
vulnerability VCID-wnu2-cmrt-bkhr
18
vulnerability VCID-yasp-usps-xkc3
19
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6
3
url pkg:composer/symfony/symfony@3.0.6
purl pkg:composer/symfony/symfony@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-59sy-m44r-h3gn
1
vulnerability VCID-5txj-xsnq-ducf
2
vulnerability VCID-6bdp-9ng3-uyb1
3
vulnerability VCID-7cdk-bmdh-2fde
4
vulnerability VCID-8627-nvyk-w7fu
5
vulnerability VCID-a9gt-63v3-vbdf
6
vulnerability VCID-kx25-m1mp-zfay
7
vulnerability VCID-m1y3-csp4-aqe4
8
vulnerability VCID-mbd5-rsax-jya9
9
vulnerability VCID-n1c7-yabu-jye7
10
vulnerability VCID-n4kq-nskp-1qar
11
vulnerability VCID-tpgm-tx2g-4bh2
12
vulnerability VCID-w8s1-z3hu-8beh
13
vulnerability VCID-wnu2-cmrt-bkhr
14
vulnerability VCID-yasp-usps-xkc3
15
vulnerability VCID-zmrn-3fbj-gqcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6
aliases CVE-2016-4423, GHSA-whgv-8cg3-7hcm
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zqk8-27jq-j7dx
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6