Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/19041?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19041?format=api", "vulnerability_id": "VCID-k37h-bhh2-myaj", "summary": "Symfony XML Entity Expansion security vulnerability\nSymfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean \"No Entities\"). In addition, libxml2's innate defense against the related Exponential or Billion Laughs XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). 
No instances of these two options were noted, but it's worth referencing for the future.\n\nConsider this (non-fatal) example:\n\n<?xml version=\"1.0\"?>\n<!DOCTYPE data [<!ENTITY a\n\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\">]>\n<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>\nIncrease the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.\n\n...\n\nThis can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). 
The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities.", "aliases": [ { "alias": "GHSA-q2gc-gg3x-7942" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20094?format=api", "purl": "pkg:composer/symfony/symfony@2.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17" } ], 
"affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20036?format=api", "purl": "pkg:composer/symfony/symfony@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147931?format=api", "purl": "pkg:composer/symfony/symfony@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": 
"VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/147932?format=api", "purl": "pkg:composer/symfony/symfony@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": 
"VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20121?format=api", "purl": "pkg:composer/symfony/symfony@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/147933?format=api", "purl": "pkg:composer/symfony/symfony@2.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": 
"VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/147934?format=api", "purl": "pkg:composer/symfony/symfony@2.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": 
"VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/147935?format=api", "purl": "pkg:composer/symfony/symfony@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": 
"VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/20037?format=api", "purl": "pkg:composer/symfony/symfony@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": 
"VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/148013?format=api", "purl": "pkg:composer/symfony/symfony@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": 
"VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/148014?format=api", "purl": "pkg:composer/symfony/symfony@2.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": 
"VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/148015?format=api", "purl": "pkg:composer/symfony/symfony@2.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": 
"VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/148016?format=api", "purl": "pkg:composer/symfony/symfony@2.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": 
"VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/148017?format=api", "purl": "pkg:composer/symfony/symfony@2.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": 
"VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.16" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md" }, { "reference_url": "https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff" }, { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-17-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/security-release-symfony-2-0-17-released" }, { "reference_url": "https://github.com/advisories/GHSA-q2gc-gg3x-7942", "reference_id": "GHSA-q2gc-gg3x-7942", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2gc-gg3x-7942" } ], "weaknesses": [ { "cwe_id": 776, "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", "description": "The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." 
}, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k37h-bhh2-myaj" }