Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52231?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52231?format=api", "purl": "pkg:composer/symfony/security-core@3.0.6", "type": "composer", "namespace": "symfony", "name": "security-core", "version": "3.0.6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/171006?format=api", "vulnerability_id": "VCID-8y4h-6hx7-v3h5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56786", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424" }, { "reference_url": "https://symfony.com/cve-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-21424" }, { "reference_url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "GHSA-5pv8-ppvj-4h68", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://usn.ubuntu.com/USN-5290-1/", "reference_id": "USN-USN-5290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/209434?format=api", "purl": "pkg:composer/symfony/security-core@3.4.48", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.4.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/209435?format=api", "purl": "pkg:composer/symfony/security-core@4.4.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@4.4.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/209436?format=api", "purl": "pkg:composer/symfony/security-core@5.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@5.2.8" } ], "aliases": [ "CVE-2021-21424", "GHSA-5pv8-ppvj-4h68" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8y4h-6hx7-v3h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12689?format=api", "vulnerability_id": "VCID-tpgm-tx2g-4bh2", "summary": "Improper Authentication\nAn issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33923", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11407" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934" }, { "reference_url": "https://github.com/symfony/symfony/pull/27377", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/27377" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11407", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11407" }, { "reference_url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" }, { "reference_url": "https://symfony.com/cve-2018-11407", "reference_id": "CVE-2018-11407", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11407" }, { "reference_url": "https://usn.ubuntu.com/USN-4836-1/", "reference_id": "USN-USN-4836-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4836-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/116089?format=api", "purl": "pkg:composer/symfony/security-core@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8y4h-6hx7-v3h5" }, { "vulnerability": "VCID-tpgm-tx2g-4bh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/54855?format=api", "purl": "pkg:composer/symfony/security-core@3.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8y4h-6hx7-v3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54856?format=api", "purl": "pkg:composer/symfony/security-core@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8y4h-6hx7-v3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@4.0.7" } ], "aliases": [ "CVE-2018-11407", "GHSA-35c5-28pg-2qg4" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpgm-tx2g-4bh2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11277?format=api", "vulnerability_id": "VCID-rq6s-h7p6-b3f1", "summary": "Unauthorized access on a misconfigured LDAP server\nThere's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35788", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/symfony/symfony/pull/18736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/pull/18736" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2403" }, { "reference_url": "https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://symfony.com/cve-2016-2403", "reference_id": "CVE-2016-2403", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2016-2403" }, { "reference_url": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", "reference_id": "CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52230?format=api", "purl": "pkg:composer/symfony/security-core@2.8.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8y4h-6hx7-v3h5" }, { "vulnerability": "VCID-tpgm-tx2g-4bh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.8.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/52231?format=api", "purl": "pkg:composer/symfony/security-core@3.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8y4h-6hx7-v3h5" }, { "vulnerability": "VCID-tpgm-tx2g-4bh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.0.6" } ], "aliases": [ "CVE-2016-2403", "GHSA-wvj5-r78r-hhfq" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rq6s-h7p6-b3f1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.0.6" }