Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/19095?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19095?format=api", "vulnerability_id": "VCID-neyj-8fkw-fyb7", "summary": "Symfony XML decoding attack vector through external entities\nThe XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system.", "aliases": [ { "alias": "GHSA-mmcv-fvq8-r9x3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20037?format=api", "purl": "pkg:composer/symfony/symfony@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20036?format=api", "purl": "pkg:composer/symfony/symfony@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/147931?format=api", "purl": "pkg:composer/symfony/symfony@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/147932?format=api", "purl": "pkg:composer/symfony/symfony@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-742s-vczp-tuh1" }, { "vulnerability": "VCID-7ms4-3hc6-8bgv" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/20121?format=api", "purl": "pkg:composer/symfony/symfony@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/147933?format=api", "purl": "pkg:composer/symfony/symfony@2.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/147934?format=api", "purl": "pkg:composer/symfony/symfony@2.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/147935?format=api", "purl": "pkg:composer/symfony/symfony@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-23wm-y6hh-hfd3" }, { "vulnerability": "VCID-2hua-7wbd-tqbx" }, { "vulnerability": "VCID-446x-j2gr-f3a2" }, { "vulnerability": "VCID-4num-z8cg-83gt" }, { "vulnerability": "VCID-556v-rym3-6yax" }, { "vulnerability": "VCID-6cea-up73-y3hn" }, { "vulnerability": "VCID-6z5x-uwjt-uueq" }, { "vulnerability": "VCID-71vh-7wte-kfcx" }, { "vulnerability": "VCID-9bzz-84cq-ykh2" }, { "vulnerability": "VCID-ahhz-bs6u-f3bc" }, { "vulnerability": "VCID-bdhj-np35-sybt" }, { "vulnerability": "VCID-bhfu-7788-fbhc" }, { "vulnerability": "VCID-bny7-h1nn-bkbc" }, { "vulnerability": "VCID-c8ar-82sr-fqej" }, { "vulnerability": "VCID-d1kp-7aht-9qa2" }, { "vulnerability": "VCID-fgxs-w84s-8kh3" }, { "vulnerability": "VCID-hzwd-mq3r-qfcb" }, { "vulnerability": "VCID-jdsd-3vnz-uygn" }, { "vulnerability": "VCID-jjqk-u4vs-tbba" }, { "vulnerability": "VCID-k37h-bhh2-myaj" }, { "vulnerability": "VCID-k8ze-h7fe-fkg2" }, { "vulnerability": "VCID-kgu6-gj5d-7bfx" }, { "vulnerability": "VCID-neyj-8fkw-fyb7" }, { "vulnerability": "VCID-nsk8-bk5e-tbfh" }, { "vulnerability": "VCID-p1dw-w76f-gbfv" }, { "vulnerability": "VCID-qty4-cyfa-rugw" }, { "vulnerability": "VCID-qwcj-hq3g-2qd7" }, { "vulnerability": "VCID-rgh3-ef8t-k3ec" }, { "vulnerability": "VCID-rxbg-gmn6-kbeq" }, { "vulnerability": "VCID-rztj-ug83-dyga" }, { "vulnerability": "VCID-sfzy-423b-j3b4" }, { "vulnerability": "VCID-skth-cf6d-3ubr" }, { "vulnerability": "VCID-srrc-wxew-1fc6" }, { "vulnerability": "VCID-thtp-ehsj-t3ej" }, { "vulnerability": "VCID-u84h-sr6a-4uc7" }, { "vulnerability": "VCID-unuf-vj1b-qbhr" }, { "vulnerability": "VCID-wwhm-mrr3-v7h3" }, { "vulnerability": "VCID-xmur-ps51-myfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.10" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-02-24.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-02-24.yaml" }, { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/3e64d36cbdc34acaa82e0e6318112cd2eacb6fec", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/3e64d36cbdc34acaa82e0e6318112cd2eacb6fec" }, { "reference_url": "https://symfony.com/blog/security-release-symfony-2-0-11-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/blog/security-release-symfony-2-0-11-released" }, { "reference_url": "https://github.com/advisories/GHSA-mmcv-fvq8-r9x3", "reference_id": "GHSA-mmcv-fvq8-r9x3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mmcv-fvq8-r9x3" } ], "weaknesses": [ { "cwe_id": 502, "name": "Deserialization of Untrusted Data", "description": "The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neyj-8fkw-fyb7" }