Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/http-kernel@2.6.0-alpha

Type composer

Namespace symfony

Name http-kernel

Version 2.6.0-alpha

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.8.52

Latest_non_vulnerable_version 8.0.12

Affected_by_vulnerabilities

url VCID-wdz4-hfer-1ud1

vulnerability_id VCID-wdz4-hfer-1ud1

summary

Esi Code Injection
Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089

reference_url

http://jvn.jp/en/jp/JVN19578958/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN19578958/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2308

reference_id

reference_type

scores

value	0.00543
scoring_system	epss
scoring_elements	0.6807
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2308

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-2308

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2308

reference_url

https://symfony.com/blog/cve-2015-2308-esi-code-injection

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2015-2308-esi-code-injection

reference_url

https://symfony.com/cve-2015-2308

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2015-2308

reference_url

https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357

reference_url	http://symfony.com/blog/cve-2015-2308-esi-code-injection
reference_id	CVE-2015-2308-ESI-CODE-INJECTION
reference_type
scores
url	http://symfony.com/blog/cve-2015-2308-esi-code-injection

fixed_packages

url pkg:composer/symfony/http-kernel@2.6.6

purl pkg:composer/symfony/http-kernel@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-mtb5-t6y4-w3eb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.6.6

aliases CVE-2015-2308, GHSA-5c58-w9xc-qcj9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wdz4-hfer-1ud1

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.6.0-alpha

Package Instance