Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/55827?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/55827?format=api", "purl": "pkg:composer/symfony/symfony@3.0.0", "type": "composer", "namespace": "symfony", "name": "symfony", "version": "3.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.4.51", "latest_non_vulnerable_version": "8.0.12", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38473?format=api", "vulnerability_id": "VCID-14k5-2gnt-8qgd", "summary": "Unauthorized access on a misconfigured LDAP server\nThere's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35769", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35865", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml" }, { "reference_url": "https://github.com/symfony/symfony/pull/18736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/symfony/symfony/pull/18736" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2403" }, { "reference_url": "https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://symfony.com/cve-2016-2403", "reference_id": "CVE-2016-2403", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2016-2403" }, { "reference_url": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", "reference_id": "CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52732?format=api", "purl": "pkg:composer/symfony/symfony@3.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3qct-gbgt-kkbb" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6" } ], "aliases": [ "CVE-2016-2403", "GHSA-wvj5-r78r-hhfq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14k5-2gnt-8qgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42234?format=api", "vulnerability_id": "VCID-15tu-dfam-yqgh", "summary": "Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38571", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38482", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23601" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50" }, { "reference_url": "https://symfony.com/cve-2022-23601", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-23601" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23601", "reference_id": "CVE-2022-23601", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23601" }, { "reference_url": "https://github.com/advisories/GHSA-vvmr-8829-6whx", "reference_id": "GHSA-vvmr-8829-6whx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vvmr-8829-6whx" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx", "reference_id": "GHSA-vvmr-8829-6whx", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60330?format=api", "purl": "pkg:composer/symfony/symfony@5.3.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/60331?format=api", "purl": "pkg:composer/symfony/symfony@5.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/60332?format=api", "purl": "pkg:composer/symfony/symfony@6.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4" } ], "aliases": [ "CVE-2022-23601", "GHSA-vvmr-8829-6whx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40985?format=api", "vulnerability_id": "VCID-23hr-yznx-c3fb", "summary": "Improper Authentication\nIn Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50897", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50835", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10911" }, { "reference_url": "https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://symfony.com/cve-2019-10911", "reference_id": "CVE-2019-10911", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10911" }, { "reference_url": "https://github.com/advisories/GHSA-cchx-mfrc-fwqr", "reference_id": "GHSA-cchx-mfrc-fwqr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cchx-mfrc-fwqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58020?format=api", "purl": "pkg:composer/symfony/symfony@3.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/76200?format=api", "purl": "pkg:composer/symfony/symfony@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/58021?format=api", "purl": "pkg:composer/symfony/symfony@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7" } ], "aliases": [ "CVE-2019-10911", "GHSA-cchx-mfrc-fwqr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52037?format=api", "vulnerability_id": "VCID-37et-21qw-skd7", "summary": "Improper Input Validation\nIf an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.85061", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0231", "scoring_system": "epss", "scoring_elements": "0.85085", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18888" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v4.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v4.3.8" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18888" }, { "reference_url": "https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser" }, { "reference_url": "https://symfony.com/blog/symfony-4-3-8-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/symfony-4-3-8-released" }, { "reference_url": "https://symfony.com/cve-2019-18888", "reference_id": "CVE-2019-18888", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-18888" }, { "reference_url": "https://github.com/advisories/GHSA-xhh6-956q-4q69", "reference_id": "GHSA-xhh6-956q-4q69", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xhh6-956q-4q69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76252?format=api", "purl": "pkg:composer/symfony/symfony@3.4.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/76253?format=api", "purl": "pkg:composer/symfony/symfony@4.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/76248?format=api", "purl": "pkg:composer/symfony/symfony@4.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8" } ], "aliases": [ "CVE-2019-18888", "GHSA-xhh6-956q-4q69" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40103?format=api", "vulnerability_id": "VCID-3qct-gbgt-kkbb", "summary": "Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66533", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00504", "scoring_system": "epss", "scoring_elements": "0.66573", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18343", "reference_id": "CVE-2017-18343", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18343" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55844?format=api", "purl": "pkg:composer/symfony/symfony@3.2.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-djnm-e9r4-c3f5" }, { "vulnerability": "VCID-dsbx-q641-4fc7" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-xdtu-22ad-63aq" }, { "vulnerability": "VCID-xj13-fspe-hfgv" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/56130?format=api", "purl": "pkg:composer/symfony/symfony@3.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-djnm-e9r4-c3f5" }, { "vulnerability": "VCID-dsbx-q641-4fc7" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-xdtu-22ad-63aq" }, { "vulnerability": "VCID-xj13-fspe-hfgv" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6" } ], "aliases": [ "CVE-2017-18343" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3qct-gbgt-kkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46379?format=api", "vulnerability_id": "VCID-4f9e-eg67-cqbr", "summary": "Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02588", "scoring_system": "epss", "scoring_elements": "0.85886", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54" }, { "reference_url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774", "reference_id": "1055774", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734" }, { "reference_url": "https://symfony.com/cve-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2023-46734" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml", "reference_id": "CVE-2023-46734.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/687204?format=api", "purl": "pkg:composer/symfony/symfony@6.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-s3tv-69ye-13bf" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67682?format=api", "purl": "pkg:composer/symfony/symfony@4.4.51", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/267368?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67676?format=api", "purl": "pkg:composer/symfony/symfony@5.4.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/67677?format=api", "purl": "pkg:composer/symfony/symfony@6.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-s3tv-69ye-13bf" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8" } ], "aliases": [ "CVE-2023-46734", "GHSA-q847-2q57-wmr3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40980?format=api", "vulnerability_id": "VCID-6c6t-kmb3-2qcm", "summary": "Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58063", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58114", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2" }, { "reference_url": "https://www.drupal.org/sa-core-2019-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2019-005" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10909" }, { "reference_url": "https://symfony.com/cve-2019-10909", "reference_id": "CVE-2019-10909", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10909" }, { "reference_url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine", "reference_id": "CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine" }, { "reference_url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2", "reference_id": "GHSA-g996-q5r8-w7g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g996-q5r8-w7g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58020?format=api", "purl": "pkg:composer/symfony/symfony@3.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/76200?format=api", "purl": "pkg:composer/symfony/symfony@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/58021?format=api", "purl": "pkg:composer/symfony/symfony@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7" } ], "aliases": [ "CVE-2019-10909", "GHSA-g996-q5r8-w7g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40978?format=api", "vulnerability_id": "VCID-7m45-bvbn-4qd3", "summary": "SQL Injection\nIn Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4935", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49289", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10913" }, { "reference_url": "https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides" }, { "reference_url": "https://symfony.com/cve-2019-10913", "reference_id": "CVE-2019-10913", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10913" }, { "reference_url": "https://github.com/advisories/GHSA-x92h-wmg2-6hp7", "reference_id": "GHSA-x92h-wmg2-6hp7", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x92h-wmg2-6hp7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58020?format=api", "purl": "pkg:composer/symfony/symfony@3.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/76200?format=api", "purl": "pkg:composer/symfony/symfony@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/58021?format=api", "purl": "pkg:composer/symfony/symfony@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7" } ], "aliases": [ "CVE-2019-10913", "GHSA-x92h-wmg2-6hp7" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44350?format=api", "vulnerability_id": "VCID-91hk-tdtv-x7fp", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39683", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39597", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894" }, { "reference_url": "https://symfony.com/cve-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24894" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63770?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/267368?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63771?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63772?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/634333?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63773?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/634345?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63774?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-s3tv-69ye-13bf" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24894", "GHSA-h7vf-5wrv-9fhv", "GMS-2023-209", "GMS-2023-212" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52022?format=api", "vulnerability_id": "VCID-awma-bc9f-kfe2", "summary": "Symfony Service IDs Allow Injection\nIn Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11901", "scoring_system": "epss", "scoring_elements": "0.93887", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11901", "scoring_system": "epss", "scoring_elements": "0.93877", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb" }, { "reference_url": "https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_19", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10910", "reference_id": "CVE-2019-10910", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10910" }, { "reference_url": "https://symfony.com/cve-2019-10910", "reference_id": "CVE-2019-10910", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10910" }, { "reference_url": "https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid", "reference_id": "CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml", "reference_id": "CVE-2019-10910.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml", "reference_id": "CVE-2019-10910.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml", "reference_id": "CVE-2019-10910.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-pgwj-prpq-jpc2", "reference_id": "GHSA-pgwj-prpq-jpc2", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgwj-prpq-jpc2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58020?format=api", "purl": "pkg:composer/symfony/symfony@3.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/76200?format=api", "purl": "pkg:composer/symfony/symfony@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/58021?format=api", "purl": "pkg:composer/symfony/symfony@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7" } ], "aliases": [ "CVE-2019-10910", "GHSA-pgwj-prpq-jpc2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awma-bc9f-kfe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48354?format=api", "vulnerability_id": "VCID-bhnt-pgq7-yya3", "summary": "Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06307", "scoring_system": "epss", "scoring_elements": "0.91125", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500", "reference_id": "CVE-2025-64500", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500" }, { "reference_url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_id": "CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/897796?format=api", "purl": "pkg:composer/symfony/symfony@7.4.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/71371?format=api", "purl": "pkg:composer/symfony/symfony@5.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/71372?format=api", "purl": "pkg:composer/symfony/symfony@6.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/515397?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/71373?format=api", "purl": "pkg:composer/symfony/symfony@7.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7" } ], "aliases": [ "CVE-2025-64500", "GHSA-3rg7-wf37-54rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44352?format=api", "vulnerability_id": "VCID-c3qr-9rv2-yqh9", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06125", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06099", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895" }, { "reference_url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895" }, { "reference_url": "https://symfony.com/cve-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24895" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63770?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/267368?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63771?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63772?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/634333?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63773?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/634345?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/63774?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-s3tv-69ye-13bf" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24895", "GHSA-3gv2-29qc-v67m", "GMS-2023-210", "GMS-2023-211" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40159?format=api", "vulnerability_id": "VCID-dsbx-q641-4fc7", "summary": "Cross-Site Request Forgery (CSRF)\nThe current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.", "references": [ { "reference_url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55806", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55863", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e" }, { "reference_url": "https://github.com/symfony/symfony/pull/24992", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/24992" }, { "reference_url": "https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16653", "reference_id": "CVE-2017-16653", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16653" }, { "reference_url": "https://symfony.com/cve-2017-16653", "reference_id": "CVE-2017-16653", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2017-16653" }, { "reference_url": "https://github.com/advisories/GHSA-92x6-h2gr-8gxq", "reference_id": "GHSA-92x6-h2gr-8gxq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92x6-h2gr-8gxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55849?format=api", "purl": "pkg:composer/symfony/symfony@3.2.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/55850?format=api", "purl": "pkg:composer/symfony/symfony@3.3.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/55828?format=api", "purl": "pkg:composer/symfony/symfony@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0" } ], "aliases": [ "CVE-2017-16653", "GHSA-92x6-h2gr-8gxq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dsbx-q641-4fc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=api", "vulnerability_id": "VCID-ef86-hqv4-6kaz", "summary": "Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39996", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00184", "scoring_system": "epss", "scoring_elements": "0.39914", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11406" }, { "reference_url": "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://symfony.com/cve-2018-11406", "reference_id": "CVE-2018-11406", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11406" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:composer/symfony/symfony@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11406", "GHSA-g4g7-q726-v5hg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49869?format=api", "vulnerability_id": "VCID-f2w1-nvm5-rub3", "summary": "Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01637", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24739" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3" }, { "reference_url": "https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b" }, { "reference_url": "https://github.com/symfony/symfony/issues/62921", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/issues/62921" }, { "reference_url": "https://github.com/symfony/symfony/pull/63164", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/pull/63164" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24739", "reference_id": "CVE-2026-24739", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24739" }, { "reference_url": "https://github.com/advisories/GHSA-r39x-jcww-82v6", "reference_id": "GHSA-r39x-jcww-82v6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r39x-jcww-82v6" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6", "reference_id": "GHSA-r39x-jcww-82v6", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/897796?format=api", "purl": "pkg:composer/symfony/symfony@7.4.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73701?format=api", "purl": "pkg:composer/symfony/symfony@5.4.51", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73702?format=api", "purl": "pkg:composer/symfony/symfony@6.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/515397?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73703?format=api", "purl": "pkg:composer/symfony/symfony@7.3.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/73704?format=api", "purl": "pkg:composer/symfony/symfony@7.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/515395?format=api", "purl": "pkg:composer/symfony/symfony@8.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73705?format=api", "purl": "pkg:composer/symfony/symfony@8.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5" } ], "aliases": [ "CVE-2026-24739", "GHSA-r39x-jcww-82v6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2w1-nvm5-rub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40525?format=api", "vulnerability_id": "VCID-frbz-vpfe-vbh9", "summary": "Unrestricted Upload of File with Dangerous Type\nWhen using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00869", "scoring_system": "epss", "scoring_elements": "0.75566", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00869", "scoring_system": "epss", "scoring_elements": "0.75538", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19789" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/21" }, { "reference_url": "https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path" }, { "reference_url": "https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4441", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4441" }, { "reference_url": "https://symfony.com/cve-2018-19789", "reference_id": "CVE-2018-19789", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-19789" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57136?format=api", "purl": "pkg:composer/symfony/symfony@3.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/57137?format=api", "purl": "pkg:composer/symfony/symfony@4.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/57138?format=api", "purl": "pkg:composer/symfony/symfony@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/57139?format=api", "purl": "pkg:composer/symfony/symfony@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1" } ], "aliases": [ "CVE-2018-19789", "GHSA-x3cf-w64x-4cp2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52042?format=api", "vulnerability_id": "VCID-jqh6-rwsw-73bs", "summary": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)\nThe UriSigner was subjectto timing attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74617", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml" }, { "reference_url": "https://github.com/symfony/symfony/releases/tag/v4.3.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/releases/tag/v4.3.8" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18887", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18887" }, { "reference_url": "https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner" }, { "reference_url": "https://symfony.com/blog/symfony-4-3-8-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/symfony-4-3-8-released" }, { "reference_url": "https://symfony.com/cve-2019-18887", "reference_id": "CVE-2019-18887", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-18887" }, { "reference_url": "https://github.com/advisories/GHSA-q8hg-pf8v-cxrv", "reference_id": "GHSA-q8hg-pf8v-cxrv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q8hg-pf8v-cxrv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76252?format=api", "purl": "pkg:composer/symfony/symfony@3.4.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/76253?format=api", "purl": "pkg:composer/symfony/symfony@4.2.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/76248?format=api", "purl": "pkg:composer/symfony/symfony@4.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8" } ], "aliases": [ "CVE-2019-18887", "GHSA-q8hg-pf8v-cxrv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40526?format=api", "vulnerability_id": "VCID-mew1-9shg-mugs", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63875", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63833", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19790" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/21" }, { "reference_url": "https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http" }, { "reference_url": "https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4441", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4441" }, { "reference_url": "http://www.securityfocus.com/bid/106249", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106249" }, { "reference_url": "https://symfony.com/cve-2018-19790", "reference_id": "CVE-2018-19790", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-19790" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57136?format=api", "purl": "pkg:composer/symfony/symfony@3.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/57137?format=api", "purl": "pkg:composer/symfony/symfony@4.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/57138?format=api", "purl": "pkg:composer/symfony/symfony@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/57139?format=api", "purl": "pkg:composer/symfony/symfony@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1" } ], "aliases": [ "CVE-2018-19790", "GHSA-89r2-5g34-2g47" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39968?format=api", "vulnerability_id": "VCID-nsuz-7sdv-abef", "summary": "Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01086", "scoring_system": "epss", "scoring_elements": "0.7827", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01086", "scoring_system": "epss", "scoring_elements": "0.78244", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11386" }, { "reference_url": "https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://symfony.com/cve-2018-11386", "reference_id": "CVE-2018-11386", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11386" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:composer/symfony/symfony@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11386", "GHSA-r2rq-3h56-fqm4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54478?format=api", "vulnerability_id": "VCID-p6f7-utd6-eqej", "summary": "Information Exposure\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56852", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56801", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3" }, { "reference_url": "https://symfony.com/cve-2021-21424", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2021-21424" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424", "reference_id": "CVE-2021-21424", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21424" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68", "reference_id": "GHSA-5pv8-ppvj-4h68", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68" }, { "reference_url": "https://usn.ubuntu.com/USN-5290-1/", "reference_id": "USN-USN-5290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80716?format=api", "purl": "pkg:composer/symfony/symfony@3.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/142590?format=api", "purl": "pkg:composer/symfony/symfony@3.4.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/80717?format=api", "purl": "pkg:composer/symfony/symfony@4.4.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/142591?format=api", "purl": "pkg:composer/symfony/symfony@4.4.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/80718?format=api", "purl": "pkg:composer/symfony/symfony@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-gjcx-wmhp-fqef" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/142593?format=api", "purl": "pkg:composer/symfony/symfony@5.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-gjcx-wmhp-fqef" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.9" } ], "aliases": [ "CVE-2021-21424", "GHSA-5pv8-ppvj-4h68" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56133?format=api", "vulnerability_id": "VCID-pj86-ync3-gyan", "summary": "Symfony has an incorrect response from Validator when input ends with `\\n`\nIt is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48109", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343", "reference_id": "CVE-2024-50343", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343" }, { "reference_url": "https://symfony.com/cve-2024-50343", "reference_id": "CVE-2024-50343", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50343" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml", "reference_id": "CVE-2024-50343.YAML", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml", "reference_id": "CVE-2024-50343.YAML", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "GHSA-g3rh-rrhp-jhh9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "GHSA-g3rh-rrhp-jhh9", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83178?format=api", "purl": "pkg:composer/symfony/symfony@5.4.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/83179?format=api", "purl": "pkg:composer/symfony/symfony@6.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/83180?format=api", "purl": "pkg:composer/symfony/symfony@7.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4" } ], "aliases": [ "CVE-2024-50343", "GHSA-g3rh-rrhp-jhh9" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj86-ync3-gyan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40154?format=api", "vulnerability_id": "VCID-qqd1-smb1-sbe8", "summary": "URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16652", "scoring_system": "epss", "scoring_elements": "0.95057", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.16652", "scoring_system": "epss", "scoring_elements": "0.95049", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml" }, { "reference_url": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14773" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/21" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4441", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4441" }, { "reference_url": "https://www.drupal.org/SA-CORE-2018-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/SA-CORE-2018-005" }, { "reference_url": "http://www.securityfocus.com/bid/104943", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/104943" }, { "reference_url": "http://www.securitytracker.com/id/1041405", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1041405" }, { "reference_url": "https://security.archlinux.org/AVG-744", "reference_id": "AVG-744", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-744" }, { "reference_url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers", "reference_id": "CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers" }, { "reference_url": "https://github.com/advisories/GHSA-8wgj-6wx8-h5hq", "reference_id": "GHSA-8wgj-6wx8-h5hq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wgj-6wx8-h5hq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56280?format=api", "purl": "pkg:composer/symfony/symfony@3.3.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/56270?format=api", "purl": "pkg:composer/symfony/symfony@3.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/56271?format=api", "purl": "pkg:composer/symfony/symfony@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/56272?format=api", "purl": "pkg:composer/symfony/symfony@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3" } ], "aliases": [ "CVE-2018-14773", "GHSA-8wgj-6wx8-h5hq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39970?format=api", "vulnerability_id": "VCID-tx26-92jc-rkff", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nThe security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54265", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.54208", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11408", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11408" }, { "reference_url": "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers" }, { "reference_url": "https://symfony.com/cve-2018-11408", "reference_id": "CVE-2018-11408", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11408" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:composer/symfony/symfony@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11408", "GHSA-7hwc-2cq4-6x2w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tx26-92jc-rkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39967?format=api", "vulnerability_id": "VCID-uuk9-e5qy-rfgf", "summary": "Improper Authentication\nAn issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33996", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33894", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934" }, { "reference_url": "https://github.com/symfony/symfony/pull/27377", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/27377" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11407", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11407" }, { "reference_url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password" }, { "reference_url": "https://symfony.com/cve-2018-11407", "reference_id": "CVE-2018-11407", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11407" }, { "reference_url": "https://usn.ubuntu.com/USN-4836-1/", "reference_id": "USN-USN-4836-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4836-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:composer/symfony/symfony@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/55857?format=api", "purl": "pkg:composer/symfony/symfony@3.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/55858?format=api", "purl": "pkg:composer/symfony/symfony@4.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7" } ], "aliases": [ "CVE-2018-11407", "GHSA-35c5-28pg-2qg4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuk9-e5qy-rfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=api", "vulnerability_id": "VCID-vyug-krcw-jyef", "summary": "Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76092", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00904", "scoring_system": "epss", "scoring_elements": "0.76117", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f" }, { "reference_url": "https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b" }, { "reference_url": "https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11385", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11385" }, { "reference_url": "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4262" }, { "reference_url": "https://symfony.com/cve-2018-11385", "reference_id": "CVE-2018-11385", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2018-11385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56274?format=api", "purl": "pkg:composer/symfony/symfony@3.3.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/55830?format=api", "purl": "pkg:composer/symfony/symfony@3.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55831?format=api", "purl": "pkg:composer/symfony/symfony@4.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-1y96-v19f-tkgg" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11" } ], "aliases": [ "CVE-2018-11385", "GHSA-g4rg-rw65-8hfg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38131?format=api", "vulnerability_id": "VCID-x4nv-gvag-7qf2", "summary": "CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01435", "scoring_system": "epss", "scoring_elements": "0.81062", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01435", "scoring_system": "epss", "scoring_elements": "0.81034", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/pull/18733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/pull/18733" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4423", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4423" }, { "reference_url": "https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3588", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3588" }, { "reference_url": "https://symfony.com/cve-2016-4423", "reference_id": "CVE-2016-4423", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2016-4423" }, { "reference_url": "http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session", "reference_id": "CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION", "reference_type": "", "scores": [], "url": "http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52732?format=api", "purl": "pkg:composer/symfony/symfony@3.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3qct-gbgt-kkbb" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-awma-bc9f-kfe2" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-frbz-vpfe-vbh9" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-mew1-9shg-mugs" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-tx26-92jc-rkff" }, { "vulnerability": "VCID-uuk9-e5qy-rfgf" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6" } ], "aliases": [ "CVE-2016-4423", "GHSA-whgv-8cg3-7hcm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4nv-gvag-7qf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56123?format=api", "vulnerability_id": "VCID-yetr-unnz-gbhn", "summary": "Symfony vulnerable to command execution hijack on Windows with Process class\nOn Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.74134", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736", "reference_id": "CVE-2024-51736", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736" }, { "reference_url": "https://symfony.com/cve-2024-51736", "reference_id": "CVE-2024-51736", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-51736" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml", "reference_id": "CVE-2024-51736.YAML", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml", "reference_id": "CVE-2024-51736.YAML", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qq5c-677p-737q", "reference_id": "GHSA-qq5c-677p-737q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qq5c-677p-737q" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q", "reference_id": "GHSA-qq5c-677p-737q", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/777701?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83126?format=api", "purl": "pkg:composer/symfony/symfony@5.4.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83127?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/515397?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83128?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-51736", "GHSA-qq5c-677p-737q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yetr-unnz-gbhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40979?format=api", "vulnerability_id": "VCID-zeut-9wfp-q7et", "summary": "Deserialization of Untrusted Data\nIn Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78566", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78539", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913" }, { "reference_url": "https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/May/21" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-016" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2019-016/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2019-016/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4441", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4441" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10912", "reference_id": "CVE-2019-10912", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10912" }, { "reference_url": "https://symfony.com/cve-2019-10912", "reference_id": "CVE-2019-10912", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2019-10912" }, { "reference_url": "https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized", "reference_id": "CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml", "reference_id": "CVE-2019-10912.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml", "reference_id": "CVE-2019-10912.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml", "reference_id": "CVE-2019-10912.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml", "reference_id": "CVE-2019-10912.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml", "reference_id": "CVE-2019-10912.YAML", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-w2fr-65vp-mxw3", "reference_id": "GHSA-w2fr-65vp-mxw3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2fr-65vp-mxw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58020?format=api", "purl": "pkg:composer/symfony/symfony@3.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/76200?format=api", "purl": "pkg:composer/symfony/symfony@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-23hr-yznx-c3fb" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-6c6t-kmb3-2qcm" }, { "vulnerability": "VCID-7m45-bvbn-4qd3" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/58021?format=api", "purl": "pkg:composer/symfony/symfony@4.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-3kvp-hnpd-gbcq" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-9m8x-djng-8ye3" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" }, { "vulnerability": "VCID-jqh6-rwsw-73bs" }, { "vulnerability": "VCID-kktw-gsen-jyd8" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7" } ], "aliases": [ "CVE-2019-10912", "GHSA-w2fr-65vp-mxw3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zeut-9wfp-q7et" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56130?format=api", "vulnerability_id": "VCID-zgxf-qxwu-pqf9", "summary": "Symfony vulnerable to open redirect via browser-sanitized URLs\nThe `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60672", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://url.spec.whatwg.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://url.spec.whatwg.org" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345", "reference_id": "CVE-2024-50345", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345" }, { "reference_url": "https://symfony.com/cve-2024-50345", "reference_id": "CVE-2024-50345", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50345" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml", "reference_id": "CVE-2024-50345.YAML", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml", "reference_id": "CVE-2024-50345.YAML", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/777701?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83126?format=api", "purl": "pkg:composer/symfony/symfony@5.4.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/515396?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83127?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-f2w1-nvm5-rub3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/515397?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-p6dz-c7ee-1fg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/83128?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bhnt-pgq7-yya3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-50345", "GHSA-mrqx-rp3w-jpjp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.0" }