Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9m8x-djng-8ye3

Summary

Improper Input Validation
The `VarExport` component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code.

Aliases

alias	CVE-2019-11325

alias	GHSA-w4rc-rx25-8m86

Fixed_packages

url pkg:composer/symfony/symfony@4.2.12

purl pkg:composer/symfony/symfony@4.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12

url	pkg:composer/symfony/symfony@4.3.8
purl	pkg:composer/symfony/symfony@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8

url	pkg:composer/symfony/var-exporter@4.2.12
purl	pkg:composer/symfony/var-exporter@4.2.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.12

url	pkg:composer/symfony/var-exporter@4.3.8
purl	pkg:composer/symfony/var-exporter@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.8

url	pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.3.8%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

purl pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4av2-4k9f-byb5

vulnerability	VCID-6v9h-7sk2-cbap

vulnerability	VCID-7wrn-mbd7-d7ah

vulnerability	VCID-bhnt-pgq7-yya3

vulnerability	VCID-duk3-7fw9-xbcq

vulnerability	VCID-h11w-bz83-wug4

vulnerability	VCID-jcjs-qt7d-syfb

vulnerability	VCID-m2u1-mytm-63cx

vulnerability	VCID-mj2s-4kzv-1ue6

vulnerability	VCID-p6dz-c7ee-1fg9

vulnerability	VCID-pdhd-87qs-m7hp

vulnerability	VCID-phfm-mhxk-fyde

vulnerability	VCID-puu2-f43k-tbc2

vulnerability	VCID-qchu-m5ka-nud8

vulnerability	VCID-r9n1-p36r-zbhy

vulnerability	VCID-rahf-hzw6-rqgm

vulnerability	VCID-rfnv-6wry-z7f1

vulnerability	VCID-wmjm-3p6s-e3am

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie

url pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:composer/symfony/symfony@4.2.0

purl pkg:composer/symfony/symfony@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-frbz-vpfe-vbh9

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.0

url pkg:composer/symfony/symfony@4.2.1

purl pkg:composer/symfony/symfony@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1

url pkg:composer/symfony/symfony@4.2.2

purl pkg:composer/symfony/symfony@4.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.2

url pkg:composer/symfony/symfony@4.2.3

purl pkg:composer/symfony/symfony@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.3

url pkg:composer/symfony/symfony@4.2.4

purl pkg:composer/symfony/symfony@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.4

url pkg:composer/symfony/symfony@4.2.5

purl pkg:composer/symfony/symfony@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.5

url pkg:composer/symfony/symfony@4.2.6

purl pkg:composer/symfony/symfony@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-6c6t-kmb3-2qcm

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-awma-bc9f-kfe2

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-zeut-9wfp-q7et

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.6

url pkg:composer/symfony/symfony@4.2.7

purl pkg:composer/symfony/symfony@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7

url pkg:composer/symfony/symfony@4.2.8

purl pkg:composer/symfony/symfony@4.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.8

url pkg:composer/symfony/symfony@4.2.9

purl pkg:composer/symfony/symfony@4.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.9

url pkg:composer/symfony/symfony@4.2.10

purl pkg:composer/symfony/symfony@4.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.10

url pkg:composer/symfony/symfony@4.2.11

purl pkg:composer/symfony/symfony@4.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.11

url pkg:composer/symfony/symfony@4.3.0

purl pkg:composer/symfony/symfony@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-4nx8-hnsf-mych

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.0

url pkg:composer/symfony/symfony@4.3.1

purl pkg:composer/symfony/symfony@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.1

url pkg:composer/symfony/symfony@4.3.2

purl pkg:composer/symfony/symfony@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.2

url pkg:composer/symfony/symfony@4.3.3

purl pkg:composer/symfony/symfony@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.3

url pkg:composer/symfony/symfony@4.3.4

purl pkg:composer/symfony/symfony@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.4

url pkg:composer/symfony/symfony@4.3.5

purl pkg:composer/symfony/symfony@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.5

url pkg:composer/symfony/symfony@4.3.6

purl pkg:composer/symfony/symfony@4.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.6

url pkg:composer/symfony/symfony@4.3.7

purl pkg:composer/symfony/symfony@4.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-3kvp-hnpd-gbcq

vulnerability	VCID-9m8x-djng-8ye3

vulnerability	VCID-jqh6-rwsw-73bs

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.7

url pkg:composer/symfony/var-exporter@4.2.0

purl pkg:composer/symfony/var-exporter@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.0

url pkg:composer/symfony/var-exporter@4.2.1

purl pkg:composer/symfony/var-exporter@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.1

url pkg:composer/symfony/var-exporter@4.2.2

purl pkg:composer/symfony/var-exporter@4.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.2

url pkg:composer/symfony/var-exporter@4.2.3

purl pkg:composer/symfony/var-exporter@4.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.3

url pkg:composer/symfony/var-exporter@4.2.4

purl pkg:composer/symfony/var-exporter@4.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.4

url pkg:composer/symfony/var-exporter@4.2.5

purl pkg:composer/symfony/var-exporter@4.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.5

url pkg:composer/symfony/var-exporter@4.2.6

purl pkg:composer/symfony/var-exporter@4.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.6

url pkg:composer/symfony/var-exporter@4.2.7

purl pkg:composer/symfony/var-exporter@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.7

url pkg:composer/symfony/var-exporter@4.2.8

purl pkg:composer/symfony/var-exporter@4.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.8

url pkg:composer/symfony/var-exporter@4.2.9

purl pkg:composer/symfony/var-exporter@4.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.9

url pkg:composer/symfony/var-exporter@4.2.10

purl pkg:composer/symfony/var-exporter@4.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.10

url pkg:composer/symfony/var-exporter@4.2.11

purl pkg:composer/symfony/var-exporter@4.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.2.11

url pkg:composer/symfony/var-exporter@4.3.0

purl pkg:composer/symfony/var-exporter@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.0

url pkg:composer/symfony/var-exporter@4.3.1

purl pkg:composer/symfony/var-exporter@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.1

url pkg:composer/symfony/var-exporter@4.3.2

purl pkg:composer/symfony/var-exporter@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.2

url pkg:composer/symfony/var-exporter@4.3.3

purl pkg:composer/symfony/var-exporter@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.3

url pkg:composer/symfony/var-exporter@4.3.4

purl pkg:composer/symfony/var-exporter@4.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.4

url pkg:composer/symfony/var-exporter@4.3.5

purl pkg:composer/symfony/var-exporter@4.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.5

url pkg:composer/symfony/var-exporter@4.3.6

purl pkg:composer/symfony/var-exporter@4.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.6

url pkg:composer/symfony/var-exporter@4.3.7

purl pkg:composer/symfony/var-exporter@4.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9m8x-djng-8ye3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/var-exporter@4.3.7

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11325

reference_id

reference_type

scores

value	0.04687
scoring_system	epss
scoring_elements	0.89531
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11325

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-11325.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/var-exporter/CVE-2019-11325.yaml

reference_url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url

https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/var-exporter/compare/d8bf442...57e00f3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11325

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11325

reference_url

https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter

reference_url

https://symfony.com/blog/symfony-4-3-8-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/symfony-4-3-8-released

reference_url

https://symfony.com/cve-2019-11325

reference_id

CVE-2019-11325

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-11325

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	116
name	Improper Encoding or Escaping of Output
description	The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9m8x-djng-8ye3

Vulnerability Instance