Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie

Type deb

Namespace debian

Name symfony

Version 2.3.21+dfsg-4

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.7.0~beta2+dfsg-2

Latest_non_vulnerable_version 7.4.8+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-d1kp-7aht-9qa2

vulnerability_id VCID-d1kp-7aht-9qa2

summary

Esi Code Injection
Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089

reference_url

http://jvn.jp/en/jp/JVN19578958/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN19578958/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2308

reference_id

reference_type

scores

value	0.00543
scoring_system	epss
scoring_elements	0.6777
published_at	2026-04-18T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67679
published_at	2026-04-02T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.677
published_at	2026-04-04T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.6768
published_at	2026-04-07T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67732
published_at	2026-04-08T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67745
published_at	2026-04-09T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67769
published_at	2026-04-11T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67755
published_at	2026-04-12T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67721
published_at	2026-04-13T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67758
published_at	2026-04-16T12:55:00Z

value	0.00543
scoring_system	epss
scoring_elements	0.67645
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-2308

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2308

reference_url

https://symfony.com/blog/cve-2015-2308-esi-code-injection

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2015-2308-esi-code-injection

reference_url

https://symfony.com/cve-2015-2308

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2015-2308

reference_url

https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357

reference_url	http://symfony.com/blog/cve-2015-2308-esi-code-injection
reference_id	CVE-2015-2308-ESI-CODE-INJECTION
reference_type
scores
url	http://symfony.com/blog/cve-2015-2308-esi-code-injection

reference_url

https://github.com/advisories/GHSA-5c58-w9xc-qcj9

reference_id

GHSA-5c58-w9xc-qcj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5c58-w9xc-qcj9

fixed_packages

url	pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie
purl	pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie

url pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

purl pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1dw-w76f-gbfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-2308, GHSA-5c58-w9xc-qcj9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1kp-7aht-9qa2

url VCID-wwhm-mrr3-v7h3

vulnerability_id VCID-wwhm-mrr3-v7h3

summary

Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml

reference_url

https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84

reference_url

https://github.com/symfony/symfony/pull/14166

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/14166

reference_url

https://symfony.com/cve-2015-2309

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2015-2309

reference_url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id	CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class

reference_url

https://github.com/advisories/GHSA-p684-f7fh-jv2j

reference_id

GHSA-p684-f7fh-jv2j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p684-f7fh-jv2j

fixed_packages

url	pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie
purl	pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie

url pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

purl pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1dw-w76f-gbfv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie

url	pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
purl	pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@2.3.21%252Bdfsg-4%3Fdistro=trixie

Package Instance