Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@3.3.18
Typecomposer
Namespacesymfony
Namesymfony
Version3.3.18
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.4.0-BETA5
Latest_non_vulnerable_version8.0.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1y96-v19f-tkgg
vulnerability_id VCID-1y96-v19f-tkgg
summary 
Improper Input Validation
An issue was discovered in `HttpKernel` in Symfony When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
reference_id CVE-2018-14774
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14774
fixed_packages
0
url pkg:composer/symfony/symfony@2.7.49
purl pkg:composer/symfony/symfony@2.7.49
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49
1
url pkg:composer/symfony/symfony@2.8.44
purl pkg:composer/symfony/symfony@2.8.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44
2
url pkg:composer/symfony/symfony@3.3.18
purl pkg:composer/symfony/symfony@3.3.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18
3
url pkg:composer/symfony/symfony@3.4.14
purl pkg:composer/symfony/symfony@3.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14
4
url pkg:composer/symfony/symfony@4.0.14
purl pkg:composer/symfony/symfony@4.0.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14
5
url pkg:composer/symfony/symfony@4.1.3
purl pkg:composer/symfony/symfony@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3
aliases CVE-2018-14774
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1y96-v19f-tkgg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18