Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/symfony@5.4.0-BETA1

Type composer

Namespace symfony

Name symfony

Version 5.4.0-BETA1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.4.51

Latest_non_vulnerable_version 8.0.12

Affected_by_vulnerabilities

url VCID-2vph-t5gn-xbfa

vulnerability_id VCID-2vph-t5gn-xbfa

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46734

reference_id

reference_type

scores

value	0.02588
scoring_system	epss
scoring_elements	0.85962
published_at	2026-06-14T12:55:00Z

value	0.02588
scoring_system	epss
scoring_elements	0.85911
published_at	2026-06-11T12:55:00Z

value	0.02588
scoring_system	epss
scoring_elements	0.85959
published_at	2026-06-12T12:55:00Z

value	0.02588
scoring_system	epss
scoring_elements	0.8597
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46734

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46734

reference_url

https://symfony.com/cve-2023-46734

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2023-46734

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id	1055774
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774

reference_url

https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54

reference_id

5d095d5feb1322b16450284a04d6bb48d1198f54

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54

reference_url

https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c

reference_id

9da9a145ce57e4585031ad4bee37c497353eec7c

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c

reference_url

https://github.com/advisories/GHSA-q847-2q57-wmr3

reference_id

GHSA-q847-2q57-wmr3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q847-2q57-wmr3

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3

reference_id

GHSA-q847-2q57-wmr3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html

reference_id

msg00019.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.31

purl pkg:composer/symfony/symfony@5.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.3.8

purl pkg:composer/symfony/symfony@6.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-mmwy-6jga-u7fb

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8

url pkg:composer/symfony/symfony@6.4.0-BETA1

purl pkg:composer/symfony/symfony@6.4.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-mmwy-6jga-u7fb

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1

aliases CVE-2023-46734, GHSA-q847-2q57-wmr3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa

url VCID-3x8r-7w2f-jfbd

vulnerability_id VCID-3x8r-7w2f-jfbd

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24894

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39693
published_at	2026-06-11T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39877
published_at	2026-06-14T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39888
published_at	2026-06-13T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39864
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24894

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24894

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24894

reference_url

https://symfony.com/cve-2022-24894

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2022-24894

reference_url

https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb

reference_id

d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/

url

https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb

reference_url

https://github.com/advisories/GHSA-h7vf-5wrv-9fhv

reference_id

GHSA-h7vf-5wrv-9fhv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7vf-5wrv-9fhv

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv

reference_id

GHSA-h7vf-5wrv-9fhv

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_id

msg00014.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.20

purl pkg:composer/symfony/symfony@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.0.20

purl pkg:composer/symfony/symfony@6.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20

url pkg:composer/symfony/symfony@6.1.0-BETA1

purl pkg:composer/symfony/symfony@6.1.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1

url pkg:composer/symfony/symfony@6.1.12

purl pkg:composer/symfony/symfony@6.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12

url pkg:composer/symfony/symfony@6.2.0-BETA1

purl pkg:composer/symfony/symfony@6.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1

url pkg:composer/symfony/symfony@6.2.6

purl pkg:composer/symfony/symfony@6.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-mmwy-6jga-u7fb

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6

aliases CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd

url VCID-6aj5-vhfg-qkgk

vulnerability_id VCID-6aj5-vhfg-qkgk

summary symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50345

reference_id

reference_type

scores

value	0.00394
scoring_system	epss
scoring_elements	0.60842
published_at	2026-06-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60846
published_at	2026-06-14T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60852
published_at	2026-06-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60737
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50345

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50345

reference_url

https://symfony.com/cve-2024-50345

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50345

reference_url

https://github.com/advisories/GHSA-mrqx-rp3w-jpjp

reference_id

GHSA-mrqx-rp3w-jpjp

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mrqx-rp3w-jpjp

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp

reference_id

GHSA-mrqx-rp3w-jpjp

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp

reference_url

https://url.spec.whatwg.org

reference_id

url.spec.whatwg.org

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/

url

https://url.spec.whatwg.org

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk

url VCID-6byh-zvqa-qucx

vulnerability_id VCID-6byh-zvqa-qucx

summary Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51736

reference_id

reference_type

scores

value	0.00783
scoring_system	epss
scoring_elements	0.74266
published_at	2026-06-14T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74181
published_at	2026-06-11T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74268
published_at	2026-06-13T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74255
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51736

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-51736

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-51736

reference_url

https://symfony.com/cve-2024-51736

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-51736

reference_url

https://github.com/advisories/GHSA-qq5c-677p-737q

reference_id

GHSA-qq5c-677p-737q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qq5c-677p-737q

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q

reference_id

GHSA-qq5c-677p-737q

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-51736, GHSA-qq5c-677p-737q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx

url VCID-8trz-ymga-uqdb

vulnerability_id VCID-8trz-ymga-uqdb

summary symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50343

reference_id

reference_type

scores

value	0.00246
scoring_system	epss
scoring_elements	0.48275
published_at	2026-06-12T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.48276
published_at	2026-06-14T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.48292
published_at	2026-06-13T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.48138
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50343

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50343

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50343

reference_url

https://symfony.com/cve-2024-50343

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50343

reference_url

https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f

reference_id

7d1032bbead9a4229b32fa6ebca32681c80cb76f

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/

url

https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f

reference_url

https://github.com/advisories/GHSA-g3rh-rrhp-jhh9

reference_id

GHSA-g3rh-rrhp-jhh9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g3rh-rrhp-jhh9

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9

reference_id

GHSA-g3rh-rrhp-jhh9

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.43

purl pkg:composer/symfony/symfony@5.4.43

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43

url pkg:composer/symfony/symfony@6.4.11

purl pkg:composer/symfony/symfony@6.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11

url pkg:composer/symfony/symfony@7.1.4

purl pkg:composer/symfony/symfony@7.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4

aliases CVE-2024-50343, GHSA-g3rh-rrhp-jhh9

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8trz-ymga-uqdb

url VCID-dnwt-puv7-mbgm

vulnerability_id VCID-dnwt-puv7-mbgm

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24895

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.07335
published_at	2026-06-14T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07301
published_at	2026-06-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07343
published_at	2026-06-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07336
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24895

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24895

reference_url

https://symfony.com/cve-2022-24895

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2022-24895

reference_url

https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946

reference_id

076fd2088ada33d760758d98ff07ddedbf567946

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/

url

https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946

reference_url

https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4

reference_id

5909d74ecee359ea4982fcf4331aaf2e489a1fd4

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/

url

https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml

reference_id

CVE-2022-24895.yaml

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml

reference_url

https://github.com/advisories/GHSA-3gv2-29qc-v67m

reference_id

GHSA-3gv2-29qc-v67m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3gv2-29qc-v67m

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m

reference_id

GHSA-3gv2-29qc-v67m

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_id

msg00014.html

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.20

purl pkg:composer/symfony/symfony@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.0.20

purl pkg:composer/symfony/symfony@6.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20

url pkg:composer/symfony/symfony@6.1.0-BETA1

purl pkg:composer/symfony/symfony@6.1.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1

url pkg:composer/symfony/symfony@6.1.12

purl pkg:composer/symfony/symfony@6.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12

url pkg:composer/symfony/symfony@6.2.0-BETA1

purl pkg:composer/symfony/symfony@6.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1

url pkg:composer/symfony/symfony@6.2.6

purl pkg:composer/symfony/symfony@6.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-mmwy-6jga-u7fb

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6

aliases CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm

url VCID-kkdk-k66f-hqcr

vulnerability_id VCID-kkdk-k66f-hqcr

summary symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50342

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66586
published_at	2026-06-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66585
published_at	2026-06-14T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66572
published_at	2026-06-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66479
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50342

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50342

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50342

reference_url

https://symfony.com/cve-2024-50342

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50342

reference_url

https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b

reference_id

296d4b34a33b1a6ca5475c6040b3203622520f5b

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/

url

https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b

reference_url

https://github.com/advisories/GHSA-9c3x-r3wp-mgxm

reference_id

GHSA-9c3x-r3wp-mgxm

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9c3x-r3wp-mgxm

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm

reference_id

GHSA-9c3x-r3wp-mgxm

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.47

purl pkg:composer/symfony/symfony@5.4.47

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.47

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.15

purl pkg:composer/symfony/symfony@6.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.15

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.8

purl pkg:composer/symfony/symfony@7.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.8

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-50342, GHSA-9c3x-r3wp-mgxm

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkdk-k66f-hqcr

url VCID-upms-wc51-gkhg

vulnerability_id VCID-upms-wc51-gkhg

summary symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50340

reference_id

reference_type

scores

value	0.86622
scoring_system	epss
scoring_elements	0.99443
published_at	2026-06-14T12:55:00Z

value	0.86622
scoring_system	epss
scoring_elements	0.99442
published_at	2026-06-12T12:55:00Z

value	0.86622
scoring_system	epss
scoring_elements	0.9944
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50340

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50340

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50340

reference_url

https://symfony.com/cve-2024-50340

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50340

reference_url

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_id

a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/

url

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_url

https://github.com/advisories/GHSA-x8vp-gf4q-mw5j

reference_id

GHSA-x8vp-gf4q-mw5j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x8vp-gf4q-mw5j

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

reference_id

GHSA-x8vp-gf4q-mw5j

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-50340, GHSA-x8vp-gf4q-mw5j

risk_score 10.0

exploitability 2.0

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upms-wc51-gkhg

url VCID-yz7h-r417-zuds

vulnerability_id VCID-yz7h-r417-zuds

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24739

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01649
published_at	2026-06-14T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01635
published_at	2026-06-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01639
published_at	2026-06-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01641
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24739

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3

reference_id

35203939050e5abd3caf2202113b00cab5d379b3

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3

reference_url

https://github.com/symfony/symfony/issues/62921

reference_id

62921

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/issues/62921

reference_url

https://github.com/symfony/symfony/pull/63164

reference_id

63164

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/pull/63164

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24739

reference_id

CVE-2026-24739

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24739

reference_url

https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_id

ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_url

https://github.com/advisories/GHSA-r39x-jcww-82v6

reference_id

GHSA-r39x-jcww-82v6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r39x-jcww-82v6

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6

reference_id

GHSA-r39x-jcww-82v6

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6

fixed_packages

url	pkg:composer/symfony/symfony@5.4.51
purl	pkg:composer/symfony/symfony@5.4.51
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url	pkg:composer/symfony/symfony@6.4.33
purl	pkg:composer/symfony/symfony@6.4.33
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url	pkg:composer/symfony/symfony@7.3.11
purl	pkg:composer/symfony/symfony@7.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11

url	pkg:composer/symfony/symfony@7.4.0-BETA1
purl	pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1

url	pkg:composer/symfony/symfony@7.4.5
purl	pkg:composer/symfony/symfony@7.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5

url pkg:composer/symfony/symfony@8.0.0-BETA1

purl pkg:composer/symfony/symfony@8.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1

url	pkg:composer/symfony/symfony@8.0.5
purl	pkg:composer/symfony/symfony@8.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5

aliases CVE-2026-24739, GHSA-r39x-jcww-82v6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds

url VCID-zws9-ffpd-5ffw

vulnerability_id VCID-zws9-ffpd-5ffw

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64500

reference_id

reference_type

scores

value	0.06307
scoring_system	epss
scoring_elements	0.91191
published_at	2026-06-14T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91154
published_at	2026-06-11T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91185
published_at	2026-06-12T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91193
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac

reference_id

9962b91b12bb791322fa73836b350836b6db7cac

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64500

reference_id

CVE-2025-64500

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64500

reference_url

https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_id

cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml

reference_id

CVE-2025-64500.yaml

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml

reference_id

CVE-2025-64500.yaml

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml

reference_url

https://github.com/advisories/GHSA-3rg7-wf37-54rm

reference_id

GHSA-3rg7-wf37-54rm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3rg7-wf37-54rm

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm

reference_id

GHSA-3rg7-wf37-54rm

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm

fixed_packages

url pkg:composer/symfony/symfony@5.4.50

purl pkg:composer/symfony/symfony@5.4.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.29

purl pkg:composer/symfony/symfony@6.4.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.3.7

purl pkg:composer/symfony/symfony@7.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7

url	pkg:composer/symfony/symfony@7.4.0-BETA1
purl	pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1

aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw

Fixing_vulnerabilities

url VCID-7q3t-ttfq-c3fw

vulnerability_id VCID-7q3t-ttfq-c3fw

summary Cookie persistence after password changes in symfony/security-bundle

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41268

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.65427
published_at	2026-06-14T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.65317
published_at	2026-06-11T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.65417
published_at	2026-06-12T12:55:00Z

value	0.00476
scoring_system	epss
scoring_elements	0.65428
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41268

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc

reference_url

https://github.com/symfony/symfony/pull/44243

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/44243

reference_url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41268

reference_id

CVE-2021-41268

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41268

reference_url

https://symfony.com/cve-2021-41268

reference_id

CVE-2021-41268

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2021-41268

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml

reference_id

CVE-2021-41268.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml

reference_id

CVE-2021-41268.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml

reference_url

https://github.com/advisories/GHSA-qw36-p97w-vcqr

reference_id

GHSA-qw36-p97w-vcqr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qw36-p97w-vcqr

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr

reference_id

GHSA-qw36-p97w-vcqr

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr

fixed_packages

url pkg:composer/symfony/symfony@5.3.12

purl pkg:composer/symfony/symfony@5.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-k8q8-sb46-5qbw

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12

url pkg:composer/symfony/symfony@5.4.0-BETA1

purl pkg:composer/symfony/symfony@5.4.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1

aliases CVE-2021-41268, GHSA-qw36-p97w-vcqr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7q3t-ttfq-c3fw

url VCID-c6xj-n2un-kkfz

vulnerability_id VCID-c6xj-n2un-kkfz

summary CSV Injection in symfony/serializer

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41270

reference_id

reference_type

scores

value	0.00871
scoring_system	epss
scoring_elements	0.75714
published_at	2026-06-12T12:55:00Z

value	0.00871
scoring_system	epss
scoring_elements	0.75644
published_at	2026-06-11T12:55:00Z

value	0.00871
scoring_system	epss
scoring_elements	0.75722
published_at	2026-06-14T12:55:00Z

value	0.00871
scoring_system	epss
scoring_elements	0.75727
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41270

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8

reference_url

https://github.com/symfony/symfony/pull/44243

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/44243

reference_url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41270

reference_id

CVE-2021-41270

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41270

reference_url

https://symfony.com/cve-2021-41270

reference_id

CVE-2021-41270

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2021-41270

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml

reference_id

CVE-2021-41270.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml

reference_id

CVE-2021-41270.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml

reference_url

https://github.com/advisories/GHSA-2xhg-w2g5-w95x

reference_id

GHSA-2xhg-w2g5-w95x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2xhg-w2g5-w95x

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x

reference_id

GHSA-2xhg-w2g5-w95x

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x

reference_url	https://usn.ubuntu.com/USN-5290-1/
reference_id	USN-USN-5290-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5290-1/

fixed_packages

url pkg:composer/symfony/symfony@4.4.35

purl pkg:composer/symfony/symfony@4.4.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-k8q8-sb46-5qbw

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.35

url pkg:composer/symfony/symfony@5.0.0-BETA1

purl pkg:composer/symfony/symfony@5.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-k8q8-sb46-5qbw

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1

url pkg:composer/symfony/symfony@5.3.12

purl pkg:composer/symfony/symfony@5.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-k8q8-sb46-5qbw

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12

url pkg:composer/symfony/symfony@5.4.0-BETA1

purl pkg:composer/symfony/symfony@5.4.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1

aliases CVE-2021-41270, GHSA-2xhg-w2g5-w95x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6xj-n2un-kkfz

url VCID-dqes-1qfp-e7ds

vulnerability_id VCID-dqes-1qfp-e7ds

summary Webcache Poisoning in symfony/http-kernel

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41267

reference_id

reference_type

scores

value	0.00462
scoring_system	epss
scoring_elements	0.64714
published_at	2026-06-12T12:55:00Z

value	0.00462
scoring_system	epss
scoring_elements	0.64612
published_at	2026-06-11T12:55:00Z

value	0.00462
scoring_system	epss
scoring_elements	0.64722
published_at	2026-06-14T12:55:00Z

value	0.00462
scoring_system	epss
scoring_elements	0.64726
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41267

reference_url

https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487

reference_url

https://github.com/symfony/symfony/pull/44243

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/44243

reference_url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v5.3.12

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41267

reference_id

CVE-2021-41267

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41267

reference_url

https://symfony.com/cve-2021-41267

reference_id

CVE-2021-41267

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2021-41267

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml

reference_id

CVE-2021-41267.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml

reference_id

CVE-2021-41267.YAML

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml

reference_url

https://github.com/advisories/GHSA-q3j3-w37x-hq2q

reference_id

GHSA-q3j3-w37x-hq2q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q3j3-w37x-hq2q

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q

reference_id

GHSA-q3j3-w37x-hq2q

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q

fixed_packages

url pkg:composer/symfony/symfony@5.3.12

purl pkg:composer/symfony/symfony@5.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-k8q8-sb46-5qbw

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12

url pkg:composer/symfony/symfony@5.4.0-BETA1

purl pkg:composer/symfony/symfony@5.4.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2vph-t5gn-xbfa

vulnerability	VCID-3x8r-7w2f-jfbd

vulnerability	VCID-6aj5-vhfg-qkgk

vulnerability	VCID-6byh-zvqa-qucx

vulnerability	VCID-8trz-ymga-uqdb

vulnerability	VCID-dnwt-puv7-mbgm

vulnerability	VCID-kkdk-k66f-hqcr

vulnerability	VCID-upms-wc51-gkhg

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1

aliases CVE-2021-41267, GHSA-q3j3-w37x-hq2q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqes-1qfp-e7ds

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1

Package Instance