Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@3.3.0-alpha0
Typecomposer
Namespacesymfony
Namesymfony
Version3.3.0-alpha0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.51
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-djnm-e9r4-c3f5
vulnerability_id VCID-djnm-e9r4-c3f5
summary `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44837
published_at 2026-06-04T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44893
published_at 2026-06-07T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44913
published_at 2026-06-06T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.44907
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/pull/24995
reference_id
reference_type
scores
url https://github.com/symfony/symfony/pull/24995
15
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
17
reference_url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
18
reference_url https://symfony.com/cve-2017-16652
reference_id CVE-2017-16652
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16652
19
reference_url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS
reference_type
scores
url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-1y96-v19f-tkgg
2
vulnerability VCID-23hr-yznx-c3fb
3
vulnerability VCID-37et-21qw-skd7
4
vulnerability VCID-3kvp-hnpd-gbcq
5
vulnerability VCID-4f9e-eg67-cqbr
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7m45-bvbn-4qd3
8
vulnerability VCID-91hk-tdtv-x7fp
9
vulnerability VCID-awma-bc9f-kfe2
10
vulnerability VCID-bhnt-pgq7-yya3
11
vulnerability VCID-c3qr-9rv2-yqh9
12
vulnerability VCID-ef86-hqv4-6kaz
13
vulnerability VCID-f2w1-nvm5-rub3
14
vulnerability VCID-frbz-vpfe-vbh9
15
vulnerability VCID-jqh6-rwsw-73bs
16
vulnerability VCID-mew1-9shg-mugs
17
vulnerability VCID-nsuz-7sdv-abef
18
vulnerability VCID-p6f7-utd6-eqej
19
vulnerability VCID-pj86-ync3-gyan
20
vulnerability VCID-qqd1-smb1-sbe8
21
vulnerability VCID-tx26-92jc-rkff
22
vulnerability VCID-uuk9-e5qy-rfgf
23
vulnerability VCID-vyug-krcw-jyef
24
vulnerability VCID-yetr-unnz-gbhn
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
1
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
2
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16652, GHSA-r7p7-qr7p-2rrf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djnm-e9r4-c3f5
1
url VCID-xdtu-22ad-63aq
vulnerability_id VCID-xdtu-22ad-63aq
summary 
Attacker can read all files content on the server
When a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the `$_POST` array in plain PHP) and uploaded files data (known as the `$_FILES` array in plain PHP) into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a `FileType` is sent as normal `POST` data that could be interpreted as a locale file path on the server-side (for example, `file:///etc/passwd`). If the application did not perform any additional checks about the value submitted to the `FileType`, the contents of the given file on the server could have been exposed to the attacker.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16790
reference_id
reference_type
scores
0
value 0.00686
scoring_system epss
scoring_elements 0.72143
published_at 2026-06-05T12:55:00Z
1
value 0.00686
scoring_system epss
scoring_elements 0.7213
published_at 2026-06-07T12:55:00Z
2
value 0.00686
scoring_system epss
scoring_elements 0.7215
published_at 2026-06-06T12:55:00Z
3
value 0.00686
scoring_system epss
scoring_elements 0.72102
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16790
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml
12
reference_url https://github.com/symfony/form
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/form
13
reference_url https://github.com/symfony/symfony/pull/24993
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/24993
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16790
15
reference_url https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
16
reference_url https://symfony.com/cve-2017-16790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16790
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
reference_id CVE-2017-16790-ENSURE-THAT-SUBMITTED-DATA-ARE-UPLOADED-FILES
reference_type
scores
url http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-1y96-v19f-tkgg
2
vulnerability VCID-23hr-yznx-c3fb
3
vulnerability VCID-37et-21qw-skd7
4
vulnerability VCID-3kvp-hnpd-gbcq
5
vulnerability VCID-4f9e-eg67-cqbr
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7m45-bvbn-4qd3
8
vulnerability VCID-91hk-tdtv-x7fp
9
vulnerability VCID-awma-bc9f-kfe2
10
vulnerability VCID-bhnt-pgq7-yya3
11
vulnerability VCID-c3qr-9rv2-yqh9
12
vulnerability VCID-ef86-hqv4-6kaz
13
vulnerability VCID-f2w1-nvm5-rub3
14
vulnerability VCID-frbz-vpfe-vbh9
15
vulnerability VCID-jqh6-rwsw-73bs
16
vulnerability VCID-mew1-9shg-mugs
17
vulnerability VCID-nsuz-7sdv-abef
18
vulnerability VCID-p6f7-utd6-eqej
19
vulnerability VCID-pj86-ync3-gyan
20
vulnerability VCID-qqd1-smb1-sbe8
21
vulnerability VCID-tx26-92jc-rkff
22
vulnerability VCID-uuk9-e5qy-rfgf
23
vulnerability VCID-vyug-krcw-jyef
24
vulnerability VCID-yetr-unnz-gbhn
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
1
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
2
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16790, GHSA-cqqh-94r6-wjrg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdtu-22ad-63aq
2
url VCID-xj13-fspe-hfgv
vulnerability_id VCID-xj13-fspe-hfgv
summary 
An attacker can navigate to arbitrary directories via the dot-dot-slash attack
This package includes various bundle readers that are used to read resource bundles from the local filesystem. The `read()` methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a `URL` parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16654
reference_id
reference_type
scores
0
value 0.00543
scoring_system epss
scoring_elements 0.68121
published_at 2026-06-06T12:55:00Z
1
value 0.00543
scoring_system epss
scoring_elements 0.68113
published_at 2026-06-07T12:55:00Z
2
value 0.00543
scoring_system epss
scoring_elements 0.68074
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16654
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/pull/24994
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/24994
14
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16654
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16654
16
reference_url https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
17
reference_url https://symfony.com/cve-2017-16654
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16654
18
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
19
reference_url http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
reference_id CVE-2017-16654-INTL-BUNDLE-READERS-BREAKING-OUT-OF-PATHS
reference_type
scores
url http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths
fixed_packages
0
url pkg:composer/symfony/symfony@3.3.13
purl pkg:composer/symfony/symfony@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-1y96-v19f-tkgg
2
vulnerability VCID-23hr-yznx-c3fb
3
vulnerability VCID-37et-21qw-skd7
4
vulnerability VCID-3kvp-hnpd-gbcq
5
vulnerability VCID-4f9e-eg67-cqbr
6
vulnerability VCID-6c6t-kmb3-2qcm
7
vulnerability VCID-7m45-bvbn-4qd3
8
vulnerability VCID-91hk-tdtv-x7fp
9
vulnerability VCID-awma-bc9f-kfe2
10
vulnerability VCID-bhnt-pgq7-yya3
11
vulnerability VCID-c3qr-9rv2-yqh9
12
vulnerability VCID-ef86-hqv4-6kaz
13
vulnerability VCID-f2w1-nvm5-rub3
14
vulnerability VCID-frbz-vpfe-vbh9
15
vulnerability VCID-jqh6-rwsw-73bs
16
vulnerability VCID-mew1-9shg-mugs
17
vulnerability VCID-nsuz-7sdv-abef
18
vulnerability VCID-p6f7-utd6-eqej
19
vulnerability VCID-pj86-ync3-gyan
20
vulnerability VCID-qqd1-smb1-sbe8
21
vulnerability VCID-tx26-92jc-rkff
22
vulnerability VCID-uuk9-e5qy-rfgf
23
vulnerability VCID-vyug-krcw-jyef
24
vulnerability VCID-yetr-unnz-gbhn
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13
1
url pkg:composer/symfony/symfony@3.4.0-BETA5
purl pkg:composer/symfony/symfony@3.4.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5
2
url pkg:composer/symfony/symfony@4.0.0-BETA5
purl pkg:composer/symfony/symfony@4.0.0-BETA5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5
aliases CVE-2017-16654, GHSA-c49r-8gj6-768r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xj13-fspe-hfgv
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.0-alpha0