Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/form@2.8.49
Typecomposer
Namespacesymfony
Nameform
Version2.8.49
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.4.0-BETA5
Latest_non_vulnerable_version6.2.6
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-a9gt-63v3-vbdf
vulnerability_id VCID-a9gt-63v3-vbdf
summary 
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
reference_id
reference_type
scores
0
value 0.00869
scoring_system epss
scoring_elements 0.75497
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19789
1
reference_url https://symfony.com/cve-2018-19789
reference_id CVE-2018-19789
reference_type
scores
url https://symfony.com/cve-2018-19789
fixed_packages
0
url pkg:composer/symfony/form@2.7.50
purl pkg:composer/symfony/form@2.7.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.7.50
1
url pkg:composer/symfony/form@2.8.49
purl pkg:composer/symfony/form@2.8.49
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.8.49
2
url pkg:composer/symfony/form@3.4.20
purl pkg:composer/symfony/form@3.4.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@3.4.20
3
url pkg:composer/symfony/form@4.0.15
purl pkg:composer/symfony/form@4.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@4.0.15
4
url pkg:composer/symfony/form@4.1.9
purl pkg:composer/symfony/form@4.1.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@4.1.9
5
url pkg:composer/symfony/form@4.2.1
purl pkg:composer/symfony/form@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@4.2.1
aliases CVE-2018-19789
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9gt-63v3-vbdf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.8.49