Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/46379?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46379?format=api", "vulnerability_id": "VCID-4f9e-eg67-cqbr", "summary": "Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.", "aliases": [ { "alias": "CVE-2023-46734" }, { "alias": "GHSA-q847-2q57-wmr3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67688?format=api", "purl": "pkg:composer/symfony/security-http@5.4.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/67681?format=api", "purl": "pkg:composer/symfony/security-http@6.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67683?format=api", "purl": "pkg:composer/symfony/serializer@5.4.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/67679?format=api", "purl": "pkg:composer/symfony/serializer@6.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67682?format=api", "purl": "pkg:composer/symfony/symfony@4.4.51", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/67676?format=api", "purl": "pkg:composer/symfony/symfony@5.4.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/67677?format=api", "purl": "pkg:composer/symfony/symfony@6.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/67695?format=api", "purl": "pkg:composer/symfony/twig-bridge@4.4.51", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@4.4.51" }, { "url": "http://public2.vulnerablecode.io/api/packages/67696?format=api", "purl": "pkg:composer/symfony/twig-bridge@5.4.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@5.4.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/67697?format=api", "purl": "pkg:composer/symfony/twig-bridge@6.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@6.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/130182?format=api", "purl": "pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130150?format=api", "purl": "pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4av2-4k9f-byb5" }, { "vulnerability": "VCID-6v9h-7sk2-cbap" }, { "vulnerability": "VCID-7wrn-mbd7-d7ah" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-duk3-7fw9-xbcq" }, { "vulnerability": "VCID-h11w-bz83-wug4" }, { "vulnerability": "VCID-jcjs-qt7d-syfb" }, { "vulnerability": "VCID-m2u1-mytm-63cx" }, { "vulnerability": "VCID-mj2s-4kzv-1ue6" }, { "vulnerability": "VCID-p6dz-c7ee-1fg9" }, { "vulnerability": "VCID-pdhd-87qs-m7hp" }, { "vulnerability": "VCID-phfm-mhxk-fyde" }, { "vulnerability": "VCID-puu2-f43k-tbc2" }, { "vulnerability": "VCID-qchu-m5ka-nud8" }, { "vulnerability": "VCID-r9n1-p36r-zbhy" }, { "vulnerability": "VCID-rahf-hzw6-rqgm" }, { "vulnerability": "VCID-rfnv-6wry-z7f1" }, { "vulnerability": "VCID-wmjm-3p6s-e3am" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130180?format=api", "purl": "pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130148?format=api", "purl": "pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rfnv-6wry-z7f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130181?format=api", "purl": "pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130152?format=api", "purl": "pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rfnv-6wry-z7f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/130151?format=api", "purl": "pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67686?format=api", "purl": "pkg:composer/symfony/security-http@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67687?format=api", "purl": "pkg:composer/symfony/security-http@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-k7cd-4ht8-gkeu" }, { "vulnerability": "VCID-p6f7-utd6-eqej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67680?format=api", "purl": "pkg:composer/symfony/security-http@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-r4d5-zcex-sbee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51234?format=api", "purl": "pkg:composer/symfony/serializer@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-tf4a-zcve-6yhg" }, { "vulnerability": "VCID-u3er-f88q-rudx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59648?format=api", "purl": "pkg:composer/symfony/serializer@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67678?format=api", "purl": "pkg:composer/symfony/serializer@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-r4d5-zcex-sbee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/51232?format=api", "purl": "pkg:composer/symfony/symfony@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2kf8-ugvv-tbb8" }, { "vulnerability": "VCID-37et-21qw-skd7" }, { "vulnerability": "VCID-475f-pyhf-7yab" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-86ct-zv8d-d3eb" }, { "vulnerability": "VCID-8bg3-r2zm-kfht" }, { "vulnerability": "VCID-8tk3-fzaa-pufq" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-bktf-ejbt-2fds" }, { "vulnerability": "VCID-bvc9-d1ns-33g6" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-ef86-hqv4-6kaz" }, { "vulnerability": "VCID-emn6-zmp1-yuhr" }, { "vulnerability": "VCID-hkyw-trsd-g3d2" }, { "vulnerability": "VCID-hs5u-r1jg-tub5" }, { "vulnerability": "VCID-kysh-mfs1-3fad" }, { "vulnerability": "VCID-mzqs-3tyf-m7ec" }, { "vulnerability": "VCID-nsuz-7sdv-abef" }, { "vulnerability": "VCID-p131-pv18-ykht" }, { "vulnerability": "VCID-p747-wvpw-r3fx" }, { "vulnerability": "VCID-pxwk-7vcf-m7f5" }, { "vulnerability": "VCID-qg9a-7wu8-ykgs" }, { "vulnerability": "VCID-qqd1-smb1-sbe8" }, { "vulnerability": "VCID-rkap-39hu-abe9" }, { "vulnerability": "VCID-va3n-eg8b-guff" }, { "vulnerability": "VCID-vyug-krcw-jyef" }, { "vulnerability": "VCID-vz5q-1p3w-jqfy" }, { "vulnerability": "VCID-x999-2wb8-s3ec" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/59645?format=api", "purl": "pkg:composer/symfony/symfony@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-m9e2-rg83-d7eb" }, { "vulnerability": "VCID-p6f7-utd6-eqej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/60329?format=api", "purl": "pkg:composer/symfony/symfony@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15tu-dfam-yqgh" }, { "vulnerability": "VCID-4f9e-eg67-cqbr" }, { "vulnerability": "VCID-4nx8-hnsf-mych" }, { "vulnerability": "VCID-88mw-6zg1-gke1" }, { "vulnerability": "VCID-91hk-tdtv-x7fp" }, { "vulnerability": "VCID-bhnt-pgq7-yya3" }, { "vulnerability": "VCID-c3qr-9rv2-yqh9" }, { "vulnerability": "VCID-pj86-ync3-gyan" }, { "vulnerability": "VCID-yetr-unnz-gbhn" }, { "vulnerability": "VCID-zgxf-qxwu-pqf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67692?format=api", "purl": "pkg:composer/symfony/twig-bridge@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67693?format=api", "purl": "pkg:composer/symfony/twig-bridge@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/67694?format=api", "purl": "pkg:composer/symfony/twig-bridge@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f9e-eg67-cqbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/symfony/twig-bridge@6.0.0" } ], "references": [ { "reference_url": "https://github.com/symfony/symfony", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony" }, { "reference_url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54" }, { "reference_url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774", "reference_id": "1055774", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46734" }, { "reference_url": "https://symfony.com/cve-2023-46734", "reference_id": "CVE-2023-46734", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://symfony.com/cve-2023-46734" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml", "reference_id": "CVE-2023-46734.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q847-2q57-wmr3" }, { "reference_url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3", "reference_id": "GHSA-q847-2q57-wmr3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr" }