Package Instance

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://symfony.com/cve-2019-10911

reference_id

CVE-2019-10911

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10911

fixed_packages

url pkg:composer/symfony/symfony@2.7.51

purl pkg:composer/symfony/symfony@2.7.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51

url pkg:composer/symfony/symfony@2.8.50

purl pkg:composer/symfony/symfony@2.8.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50

url pkg:composer/symfony/symfony@3.4.26

purl pkg:composer/symfony/symfony@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26

url pkg:composer/symfony/symfony@4.1.12

purl pkg:composer/symfony/symfony@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12

url pkg:composer/symfony/symfony@4.2.7

purl pkg:composer/symfony/symfony@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7

aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb

url VCID-37et-21qw-skd7

vulnerability_id VCID-37et-21qw-skd7

summary

Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_id

reference_type

scores

value	0.0231
scoring_system	epss
scoring_elements	0.85061
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml

reference_url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18888

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18888

reference_url

https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18888

reference_url

reference_id

CVE-2019-18888

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18888

fixed_packages

url	pkg:composer/symfony/symfony@2.8.52
purl	pkg:composer/symfony/symfony@2.8.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52

url	pkg:composer/symfony/symfony@3.4.35
purl	pkg:composer/symfony/symfony@3.4.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35

url pkg:composer/symfony/symfony@4.2.12

purl pkg:composer/symfony/symfony@4.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12

url	pkg:composer/symfony/symfony@4.3.8
purl	pkg:composer/symfony/symfony@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8

aliases CVE-2019-18888, GHSA-xhh6-956q-4q69

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7

url VCID-6c6t-kmb3-2qcm

vulnerability_id VCID-6c6t-kmb3-2qcm

summary

Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10909

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.58063
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml

reference_url

https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2

reference_url

https://www.drupal.org/sa-core-2019-005

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2019-005

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10909

reference_id

CVE-2019-10909

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10909

reference_url

https://symfony.com/cve-2019-10909

reference_id

CVE-2019-10909

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10909

reference_url

https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine

reference_id

CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine

fixed_packages

url pkg:composer/symfony/symfony@2.7.51

purl pkg:composer/symfony/symfony@2.7.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51

url pkg:composer/symfony/symfony@2.8.50

purl pkg:composer/symfony/symfony@2.8.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50

url pkg:composer/symfony/symfony@3.4.26

purl pkg:composer/symfony/symfony@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26

url pkg:composer/symfony/symfony@4.1.12

purl pkg:composer/symfony/symfony@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12

url pkg:composer/symfony/symfony@4.2.7

purl pkg:composer/symfony/symfony@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7

aliases CVE-2019-10909, GHSA-g996-q5r8-w7g2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm

url VCID-7m45-bvbn-4qd3

vulnerability_id VCID-7m45-bvbn-4qd3

summary

SQL Injection
In Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10913

reference_id

reference_type

scores

value	0.00257
scoring_system	epss
scoring_elements	0.49289
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml

reference_url

https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10913

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10913

reference_url

https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides

reference_url

https://symfony.com/cve-2019-10913

reference_id

CVE-2019-10913

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10913

fixed_packages

url pkg:composer/symfony/symfony@2.7.51

purl pkg:composer/symfony/symfony@2.7.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51

url pkg:composer/symfony/symfony@2.8.50

purl pkg:composer/symfony/symfony@2.8.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50

url pkg:composer/symfony/symfony@3.4.26

purl pkg:composer/symfony/symfony@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26

url pkg:composer/symfony/symfony@4.1.12

purl pkg:composer/symfony/symfony@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12

url pkg:composer/symfony/symfony@4.2.7

purl pkg:composer/symfony/symfony@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7

aliases CVE-2019-10913, GHSA-x92h-wmg2-6hp7

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3

url VCID-awma-bc9f-kfe2

vulnerability_id VCID-awma-bc9f-kfe2

summary

Symfony Service IDs Allow Injection
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10910

reference_id

reference_type

scores

value	0.11901
scoring_system	epss
scoring_elements	0.93877
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb

reference_url

https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b

reference_url

https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10910

reference_id

CVE-2019-10910

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10910

reference_url

https://symfony.com/cve-2019-10910

reference_id

CVE-2019-10910

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10910

reference_url

https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid

reference_id

CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml

reference_id

CVE-2019-10910.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml

reference_id

CVE-2019-10910.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml

reference_id

CVE-2019-10910.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml

reference_url	https://github.com/advisories/GHSA-pgwj-prpq-jpc2
reference_id	GHSA-pgwj-prpq-jpc2
reference_type
scores
url	https://github.com/advisories/GHSA-pgwj-prpq-jpc2

fixed_packages

url pkg:composer/symfony/symfony@2.7.51

purl pkg:composer/symfony/symfony@2.7.51

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51

url pkg:composer/symfony/symfony@2.8.50

purl pkg:composer/symfony/symfony@2.8.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50

url pkg:composer/symfony/symfony@3.4.26

purl pkg:composer/symfony/symfony@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26

url pkg:composer/symfony/symfony@4.1.12

purl pkg:composer/symfony/symfony@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12

url pkg:composer/symfony/symfony@4.2.7

purl pkg:composer/symfony/symfony@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7

aliases CVE-2019-10910, GHSA-pgwj-prpq-jpc2

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awma-bc9f-kfe2

url VCID-jqh6-rwsw-73bs

vulnerability_id VCID-jqh6-rwsw-73bs

summary

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
The UriSigner was subjectto timing attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18887

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74617
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml

reference_url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18887

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18887

reference_url

https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18887

reference_url

reference_id

CVE-2019-18887

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18887

fixed_packages

url	pkg:composer/symfony/symfony@2.8.52
purl	pkg:composer/symfony/symfony@2.8.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52

url	pkg:composer/symfony/symfony@3.4.35
purl	pkg:composer/symfony/symfony@3.4.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35

url pkg:composer/symfony/symfony@4.2.12

purl pkg:composer/symfony/symfony@4.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12

url	pkg:composer/symfony/symfony@4.3.8
purl	pkg:composer/symfony/symfony@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8

aliases CVE-2019-18887, GHSA-q8hg-pf8v-cxrv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs

Fixing_vulnerabilities

url VCID-frbz-vpfe-vbh9

vulnerability_id VCID-frbz-vpfe-vbh9

summary

Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19789

reference_id

reference_type

scores

value	0.00869
scoring_system	epss
scoring_elements	0.75538
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19789

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19789

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path

reference_url

https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-19789

reference_url

reference_id

CVE-2018-19789

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-19789

fixed_packages

url pkg:composer/symfony/symfony@2.7.50

purl pkg:composer/symfony/symfony@2.7.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.50

url pkg:composer/symfony/symfony@2.8.49

purl pkg:composer/symfony/symfony@2.8.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.49

url pkg:composer/symfony/symfony@3.4.20

purl pkg:composer/symfony/symfony@3.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20

url pkg:composer/symfony/symfony@4.0.15

purl pkg:composer/symfony/symfony@4.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15

url pkg:composer/symfony/symfony@4.1.9

purl pkg:composer/symfony/symfony@4.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9

url pkg:composer/symfony/symfony@4.2.1

purl pkg:composer/symfony/symfony@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1

aliases CVE-2018-19789, GHSA-x3cf-w64x-4cp2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9

url VCID-mew1-9shg-mugs

vulnerability_id VCID-mew1-9shg-mugs

summary

URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_id

reference_type

scores

value	0.00447
scoring_system	epss
scoring_elements	0.63833
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url