Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62602?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62602?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "type": "composer", "namespace": "symfony", "name": "symfony", "version": "6.0.20", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.4.33", "latest_non_vulnerable_version": "8.0.12", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268522?format=api", "vulnerability_id": "VCID-6kq8-5k4z-27f2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00394", "scoring_system": "epss", "scoring_elements": "0.60588", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50345" }, { "reference_url": "https://symfony.com/cve-2024-50345", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50345" }, { "reference_url": "https://url.spec.whatwg.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/" } ], "url": "https://url.spec.whatwg.org" }, { "reference_url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp", "reference_id": "GHSA-mrqx-rp3w-jpjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mrqx-rp3w-jpjp" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187794?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187795?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-50345", "GHSA-mrqx-rp3w-jpjp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/269375?format=api", "vulnerability_id": "VCID-9mbr-qumx-8yhz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.74047", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51736" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51736" }, { "reference_url": "https://symfony.com/cve-2024-51736", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-51736" }, { "reference_url": "https://github.com/advisories/GHSA-qq5c-677p-737q", "reference_id": "GHSA-qq5c-677p-737q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qq5c-677p-737q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187794?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187795?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-51736", "GHSA-qq5c-677p-737q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268519?format=api", "vulnerability_id": "VCID-dmsr-jrsf-tqdu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66345", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50342" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50342" }, { "reference_url": "https://symfony.com/cve-2024-50342", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50342" }, { "reference_url": "https://github.com/advisories/GHSA-9c3x-r3wp-mgxm", "reference_id": "GHSA-9c3x-r3wp-mgxm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9c3x-r3wp-mgxm" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187957?format=api", "purl": "pkg:composer/symfony/symfony@6.4.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187958?format=api", "purl": "pkg:composer/symfony/symfony@7.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.8" } ], "aliases": [ "CVE-2024-50342", "GHSA-9c3x-r3wp-mgxm" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsr-jrsf-tqdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20764?format=api", "vulnerability_id": "VCID-mqjv-9ptq-q3g9", "summary": "Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06307", "scoring_system": "epss", "scoring_elements": "0.91097", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64500" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500", "reference_id": "CVE-2025-64500", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64500" }, { "reference_url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass", "reference_id": "CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml", "reference_id": "CVE-2025-64500.YAML", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rg7-wf37-54rm" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm", "reference_id": "GHSA-3rg7-wf37-54rm", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/849316?format=api", "purl": "pkg:composer/symfony/symfony@7.4.0-BETA1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70166?format=api", "purl": "pkg:composer/symfony/symfony@6.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/70167?format=api", "purl": "pkg:composer/symfony/symfony@7.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7" } ], "aliases": [ "CVE-2025-64500", "GHSA-3rg7-wf37-54rm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18796?format=api", "vulnerability_id": "VCID-mxta-zqzb-nfbv", "summary": "Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02419", "scoring_system": "epss", "scoring_elements": "0.85376", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46734" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54" }, { "reference_url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774", "reference_id": "1055774", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734" }, { "reference_url": "https://symfony.com/cve-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2023-46734" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml", "reference_id": "CVE-2023-46734.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/638026?format=api", "purl": "pkg:composer/symfony/symfony@6.4.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/66488?format=api", "purl": "pkg:composer/symfony/symfony@6.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8" } ], "aliases": [ "CVE-2023-46734", "GHSA-q847-2q57-wmr3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268517?format=api", "vulnerability_id": "VCID-wtr6-xz9n-uqg3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85051", "scoring_system": "epss", "scoring_elements": "0.99366", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50340" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/" } ], "url": "https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50340" }, { "reference_url": "https://symfony.com/cve-2024-50340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50340" }, { "reference_url": "https://github.com/advisories/GHSA-x8vp-gf4q-mw5j", "reference_id": "GHSA-x8vp-gf4q-mw5j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x8vp-gf4q-mw5j" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/728152?format=api", "purl": "pkg:composer/symfony/symfony@7.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187794?format=api", "purl": "pkg:composer/symfony/symfony@6.4.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/85037?format=api", "purl": "pkg:composer/symfony/symfony@7.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/187795?format=api", "purl": "pkg:composer/symfony/symfony@7.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqjv-9ptq-q3g9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7" } ], "aliases": [ "CVE-2024-50340", "GHSA-x8vp-gf4q-mw5j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtr6-xz9n-uqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/268520?format=api", "vulnerability_id": "VCID-yzth-mby6-fua5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.4803", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50343" }, { "reference_url": "https://symfony.com/cve-2024-50343", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2024-50343" }, { "reference_url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9", "reference_id": "GHSA-g3rh-rrhp-jhh9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3rh-rrhp-jhh9" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187880?format=api", "purl": "pkg:composer/symfony/symfony@6.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/187881?format=api", "purl": "pkg:composer/symfony/symfony@7.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4" } ], "aliases": [ "CVE-2024-50343", "GHSA-g3rh-rrhp-jhh9" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzth-mby6-fua5" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16774?format=api", "vulnerability_id": "VCID-7pwc-t6vf-eyax", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39605", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24894" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24894" }, { "reference_url": "https://symfony.com/cve-2022-24894", "reference_id": "CVE-2022-24894", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24894" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml", "reference_id": "CVE-2022-24894.YAML", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv", "reference_id": "GHSA-h7vf-5wrv-9fhv", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585196?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585208?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62600?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/440977?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62601?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62602?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/62603?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/62604?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24894", "GHSA-h7vf-5wrv-9fhv", "GMS-2023-209", "GMS-2023-212" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pwc-t6vf-eyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16776?format=api", "vulnerability_id": "VCID-uvpz-6mss-9bgn", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06271", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24895" }, { "reference_url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24895" }, { "reference_url": "https://symfony.com/cve-2022-24895", "reference_id": "CVE-2022-24895", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2022-24895" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml", "reference_id": "CVE-2022-24895.YAML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m", "reference_id": "GHSA-3gv2-29qc-v67m", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m" }, { "reference_url": "https://usn.ubuntu.com/7272-1/", "reference_id": "USN-7272-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7272-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585196?format=api", "purl": "pkg:composer/symfony/symfony@6.1.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/585208?format=api", "purl": "pkg:composer/symfony/symfony@6.2.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62600?format=api", "purl": "pkg:composer/symfony/symfony@4.4.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50" }, { "url": "http://public2.vulnerablecode.io/api/packages/440977?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fjn-22pk-p7fx" }, { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62601?format=api", "purl": "pkg:composer/symfony/symfony@5.4.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-hkcs-2mjk-ubhw" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/85031?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31pu-2pt7-2fh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62602?format=api", "purl": "pkg:composer/symfony/symfony@6.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/62603?format=api", "purl": "pkg:composer/symfony/symfony@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/62604?format=api", "purl": "pkg:composer/symfony/symfony@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6kq8-5k4z-27f2" }, { "vulnerability": "VCID-9mbr-qumx-8yhz" }, { "vulnerability": "VCID-dmsr-jrsf-tqdu" }, { "vulnerability": "VCID-dw66-36y1-g7hz" }, { "vulnerability": "VCID-mqjv-9ptq-q3g9" }, { "vulnerability": "VCID-mxta-zqzb-nfbv" }, { "vulnerability": "VCID-wtr6-xz9n-uqg3" }, { "vulnerability": "VCID-yzth-mby6-fua5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6" } ], "aliases": [ "CVE-2022-24895", "GHSA-3gv2-29qc-v67m", "GMS-2023-210", "GMS-2023-211" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpz-6mss-9bgn" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20" }