| 0 |
| url |
VCID-2fjn-22pk-p7fx |
| vulnerability_id |
VCID-2fjn-22pk-p7fx |
| summary |
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by injecting a random token into the form and using the session to store and check the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled through the configuration. If the configuration is not specified, the mechanism is enabled by default as long as the session is enabled. A recent change in the way the configuration is loaded dropped this default behavior and, as a result, CSRF protection is not enabled in forms unless explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx |
|
| 1 |
| url |
VCID-59sy-m44r-h3gn |
| vulnerability_id |
VCID-59sy-m44r-h3gn |
| summary |
SQL Injection
In Symfony, HTTP methods provided as verbs or via the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 16 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 3 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 4 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 5 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 6 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 7 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 8 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 13 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 14 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10913, GHSA-x92h-wmg2-6hp7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-59sy-m44r-h3gn |
|
| 2 |
| url |
VCID-5txj-xsnq-ducf |
| vulnerability_id |
VCID-5txj-xsnq-ducf |
| summary |
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 16 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 3 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 4 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 5 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 6 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 7 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 8 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 13 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 14 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5txj-xsnq-ducf |
|
| 3 |
| url |
VCID-6kq8-5k4z-27f2 |
| vulnerability_id |
VCID-6kq8-5k4z-27f2 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://symfony.com/cve-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50345 |
|
| 9 |
| reference_url |
https://url.spec.whatwg.org |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/ |
|
|
| url |
https://url.spec.whatwg.org |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2 |
|
| 4 |
| url |
VCID-7cdk-bmdh-2fde |
| vulnerability_id |
VCID-7cdk-bmdh-2fde |
| summary |
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 20 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 21 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11406, GHSA-g4g7-q726-v5hg
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7cdk-bmdh-2fde |
|
| 5 |
|
| 6 |
| url |
VCID-8627-nvyk-w7fu |
| vulnerability_id |
VCID-8627-nvyk-w7fu |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 20 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 21 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11408, GHSA-7hwc-2cq4-6x2w
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8627-nvyk-w7fu |
|
| 7 |
|
| 8 |
|
| 9 |
| url |
VCID-a9gt-63v3-vbdf |
| vulnerability_id |
VCID-a9gt-63v3-vbdf |
| summary |
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that is the `data_class` of a form, and a file upload is submitted to the corresponding field instead of a normal text input, `UploadedFile::__toString()` is called, which returns and discloses the path of the uploaded file. If combined with a local file inclusion issue, in certain circumstances this could escalate to remote code execution. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 8 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 13 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 14 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 16 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 8 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 13 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 14 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 15 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 16 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 17 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 15 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 16 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 17 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 18 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 19 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 11 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 12 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 13 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 14 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 15 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 16 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19789, GHSA-x3cf-w64x-4cp2
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a9gt-63v3-vbdf |
|
| 10 |
| url |
VCID-d814-yjkr-p3ga |
| vulnerability_id |
VCID-d814-yjkr-p3ga |
| summary |
Attacker can read all files content on the server
When a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the `$_POST` array in plain PHP) and uploaded files data (known as the `$_FILES` array in plain PHP) into one array. This big array forms the data that is then bound to the form. At this stage there is no longer any difference between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a `FileType` is sent as normal `POST` data that could be interpreted as a local file path on the server side (for example, `file:///etc/passwd`). If the application did not perform any additional checks on the value submitted to the `FileType`, the contents of the given file on the server could have been exposed to the attacker. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.2.14 |
| purl |
pkg:composer/symfony/symfony@3.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.3.13 |
| purl |
pkg:composer/symfony/symfony@3.3.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2017-16790, GHSA-cqqh-94r6-wjrg
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d814-yjkr-p3ga |
|
| 11 |
| url |
VCID-fytq-6ane-hyf7 |
| vulnerability_id |
VCID-fytq-6ane-hyf7 |
| summary |
`DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain, resulting in an open redirect vulnerability. Open redirect vulnerabilities are often given little weight, but they can be exploited, for example, to mount effective phishing attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.2.14 |
| purl |
pkg:composer/symfony/symfony@3.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.3.13 |
| purl |
pkg:composer/symfony/symfony@3.3.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2017-16652, GHSA-r7p7-qr7p-2rrf
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fytq-6ane-hyf7 |
|
| 12 |
| url |
VCID-g8cq-v4et-cue4 |
| vulnerability_id |
VCID-g8cq-v4et-cue4 |
| summary |
An attacker can navigate to arbitrary directories via the dot-dot-slash attack
This package includes various bundle readers that are used to read resource bundles from the local filesystem. The `read()` methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a `URL` parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.2.14 |
| purl |
pkg:composer/symfony/symfony@3.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.3.13 |
| purl |
pkg:composer/symfony/symfony@3.3.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2017-16654, GHSA-c49r-8gj6-768r
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g8cq-v4et-cue4 |
|
| 13 |
| url |
VCID-h377-gc9v-abep |
| vulnerability_id |
VCID-h377-gc9v-abep |
| summary |
Cross-Site Request Forgery (CSRF)
The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.2.14 |
| purl |
pkg:composer/symfony/symfony@3.2.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.3.13 |
| purl |
pkg:composer/symfony/symfony@3.3.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.0 |
| purl |
pkg:composer/symfony/symfony@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0 |
|
|
| aliases |
CVE-2017-16653, GHSA-92x6-h2gr-8gxq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h377-gc9v-abep |
|
| 14 |
| url |
VCID-hkcs-2mjk-ubhw |
| vulnerability_id |
VCID-hkcs-2mjk-ubhw |
| summary |
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.
This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkcs-2mjk-ubhw |
|
| 15 |
| url |
VCID-kx25-m1mp-zfay |
| vulnerability_id |
VCID-kx25-m1mp-zfay |
| summary |
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 20 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 21 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11386, GHSA-r2rq-3h56-fqm4
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay |
|
| 16 |
| url |
VCID-m1y3-csp4-aqe4 |
| vulnerability_id |
VCID-m1y3-csp4-aqe4 |
| summary |
Deserialization of Untrusted Data
In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 16 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 3 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 4 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 5 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 6 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 7 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 8 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 13 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 14 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10912, GHSA-w2fr-65vp-mxw3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y3-csp4-aqe4 |
|
| 17 |
|
| 18 |
| url |
VCID-mqjv-9ptq-q3g9 |
| vulnerability_id |
VCID-mqjv-9ptq-q3g9 |
| summary |
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9 |
|
| 19 |
| url |
VCID-mxta-zqzb-nfbv |
| vulnerability_id |
VCID-mxta-zqzb-nfbv |
| summary |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv |
|
| 20 |
| url |
VCID-n1c7-yabu-jye7 |
| vulnerability_id |
VCID-n1c7-yabu-jye7 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 16 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 3 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 4 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 5 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 6 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 7 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 8 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 13 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 14 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10910, GHSA-pgwj-prpq-jpc2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n1c7-yabu-jye7 |
|
| 21 |
| url |
VCID-n4kq-nskp-1qar |
| vulnerability_id |
VCID-n4kq-nskp-1qar |
| summary |
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 16 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 20 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 21 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11385, GHSA-g4rg-rw65-8hfg
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kq-nskp-1qar |
|
| 22 |
| url |
VCID-tpgm-tx2g-4bh2 |
| vulnerability_id |
VCID-tpgm-tx2g-4bh2 |
| summary |
Improper Authentication
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 24 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 25 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 26 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.7 |
| purl |
pkg:composer/symfony/symfony@3.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 19 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 23 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 24 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.7 |
| purl |
pkg:composer/symfony/symfony@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 19 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 20 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 21 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 22 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7 |
|
|
| aliases |
CVE-2018-11407, GHSA-35c5-28pg-2qg4
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tpgm-tx2g-4bh2 |
|
| 23 |
|
| 24 |
| url |
VCID-w8s1-z3hu-8beh |
| vulnerability_id |
VCID-w8s1-z3hu-8beh |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 8 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 13 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 14 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 16 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 8 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 13 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 14 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 15 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 16 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 17 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 15 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 16 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 17 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 18 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 19 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 11 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 12 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 13 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 14 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 15 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 16 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 17 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 18 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19790, GHSA-89r2-5g34-2g47
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w8s1-z3hu-8beh |
|
| 25 |
|
| 26 |
| url |
VCID-x8xk-7pga-33hz |
| vulnerability_id |
VCID-x8xk-7pga-33hz |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.0 |
| purl |
pkg:composer/symfony/symfony@3.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7cdk-bmdh-2fde |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8627-nvyk-w7fu |
|
| 7 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 8 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 9 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 10 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 11 |
| vulnerability |
VCID-kx25-m1mp-zfay |
|
| 12 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 13 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 14 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 15 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 16 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 17 |
| vulnerability |
VCID-n4kq-nskp-1qar |
|
| 18 |
| vulnerability |
VCID-tpgm-tx2g-4bh2 |
|
| 19 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 20 |
| vulnerability |
VCID-vysf-2cxd-zqe2 |
|
| 21 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 22 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 23 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 24 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 25 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2019-18889, GHSA-79gr-58r3-pwm3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x8xk-7pga-33hz |
|
| 27 |
| url |
VCID-yasp-usps-xkc3 |
| vulnerability_id |
VCID-yasp-usps-xkc3 |
| summary |
access restriction bypass |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 16 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 17 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 18 |
| vulnerability |
VCID-yasp-usps-xkc3 |
|
| 19 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 20 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 16 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 2 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 3 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 4 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 5 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 6 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 7 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 10 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 11 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 12 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 13 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 16 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 17 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 18 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 19 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-a9gt-63v3-vbdf |
|
| 9 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 10 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 11 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 12 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 13 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 14 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 15 |
| vulnerability |
VCID-n1c7-yabu-jye7 |
|
| 16 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 17 |
| vulnerability |
VCID-w8s1-z3hu-8beh |
|
| 18 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 19 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 20 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 21 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3 |
|
| 28 |
|
| 29 |
| url |
VCID-zmrn-3fbj-gqcm |
| vulnerability_id |
VCID-zmrn-3fbj-gqcm |
| summary |
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-59sy-m44r-h3gn |
|
| 3 |
| vulnerability |
VCID-5txj-xsnq-ducf |
|
| 4 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 5 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 6 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 7 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 8 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 9 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 10 |
| vulnerability |
VCID-m1y3-csp4-aqe4 |
|
| 11 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 12 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 13 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 14 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 15 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 16 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 17 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
| 18 |
| vulnerability |
VCID-zmrn-3fbj-gqcm |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2fjn-22pk-p7fx |
|
| 1 |
| vulnerability |
VCID-2m2u-gjzs-cbbk |
|
| 2 |
| vulnerability |
VCID-6kq8-5k4z-27f2 |
|
| 3 |
| vulnerability |
VCID-7pwc-t6vf-eyax |
|
| 4 |
| vulnerability |
VCID-8y4h-6hx7-v3h5 |
|
| 5 |
| vulnerability |
VCID-9mbr-qumx-8yhz |
|
| 6 |
| vulnerability |
VCID-hkcs-2mjk-ubhw |
|
| 7 |
| vulnerability |
VCID-k3e5-c9kc-sqg1 |
|
| 8 |
| vulnerability |
VCID-kw21-fsjq-mbb4 |
|
| 9 |
| vulnerability |
VCID-mbd5-rsax-jya9 |
|
| 10 |
| vulnerability |
VCID-mqjv-9ptq-q3g9 |
|
| 11 |
| vulnerability |
VCID-mxta-zqzb-nfbv |
|
| 12 |
| vulnerability |
VCID-uvpz-6mss-9bgn |
|
| 13 |
| vulnerability |
VCID-wnu2-cmrt-bkhr |
|
| 14 |
| vulnerability |
VCID-x8xk-7pga-33hz |
|
| 15 |
| vulnerability |
VCID-yzth-mby6-fua5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10911, GHSA-cchx-mfrc-fwqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zmrn-3fbj-gqcm |
|