Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@4.0.14
Typecomposer
Namespacesymfony
Namesymfony
Version4.0.14
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.0.15
Latest_non_vulnerable_version8.0.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1y96-v19f-tkgg
vulnerability_id VCID-1y96-v19f-tkgg
summary 
Improper Input Validation
An issue was discovered in `HttpKernel` in Symfony When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
reference_id CVE-2018-14774
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
fixed_packages
0
url pkg:composer/symfony/symfony@2.7.49
purl pkg:composer/symfony/symfony@2.7.49
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49
1
url pkg:composer/symfony/symfony@2.8.44
purl pkg:composer/symfony/symfony@2.8.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44
2
url pkg:composer/symfony/symfony@3.3.18
purl pkg:composer/symfony/symfony@3.3.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18
3
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
4
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
5
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14774
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1y96-v19f-tkgg
1
url VCID-qqd1-smb1-sbe8
vulnerability_id VCID-qqd1-smb1-sbe8
summary 
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
references
0
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
fixed_packages
0
url pkg:composer/symfony/symfony@2.8.44
purl pkg:composer/symfony/symfony@2.8.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44
1
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
2
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
3
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14773
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14