VulnerableCode Package Details - pkg:composer/symfony/http-kernel@2.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-ahhz-bs6u-f3bc Aliases: CVE-2014-5245 GHSA-wvjv-p5rr-mmqm	Improper Access Control Direct access of ESI URLs behind a trusted proxy.	2.3.19 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.4.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.0-BETA1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.13 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-d1kp-7aht-9qa2 Aliases: CVE-2015-2308 GHSA-5c58-w9xc-qcj9	Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.	2.3.27 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rgh3-ef8t-k3ec Aliases: CVE-2022-24894 GHSA-h7vf-5wrv-9fhv GMS-2023-209 GMS-2023-212	Duplicate This advisory duplicates another.	4.4.50 Affected by 0 other vulnerabilities. 5.0.0-BETA1 Affected by 0 other vulnerabilities. 5.4.20 Affected by 0 other vulnerabilities. 6.0.0-BETA1 Affected by 0 other vulnerabilities. 6.0.20 Affected by 0 other vulnerabilities. 6.1.0-BETA1 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.0-BETA1 Affected by 0 other vulnerabilities. 6.2.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ahhz-bs6u-f3bc
Aliases:
CVE-2014-5245
GHSA-wvjv-p5rr-mmqm

Improper Access Control Direct access of ESI URLs behind a trusted proxy.

2.3.19
Affected by 4 other vulnerabilities.

2.4.9
Affected by 4 other vulnerabilities.

2.5.0-BETA1
Affected by 4 other vulnerabilities.

2.5.4
Affected by 4 other vulnerabilities.

3.2.13
Affected by 3 other vulnerabilities.

VCID-d1kp-7aht-9qa2
Aliases:
CVE-2015-2308
GHSA-5c58-w9xc-qcj9

Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

2.3.27
Affected by 3 other vulnerabilities.

2.5.11
Affected by 3 other vulnerabilities.

2.6.6
Affected by 3 other vulnerabilities.

VCID-rgh3-ef8t-k3ec
Aliases:
CVE-2022-24894
GHSA-h7vf-5wrv-9fhv
GMS-2023-209
GMS-2023-212

Duplicate This advisory duplicates another.

4.4.50
Affected by 0 other vulnerabilities.

5.0.0-BETA1
Affected by 0 other vulnerabilities.

5.4.20
Affected by 0 other vulnerabilities.

6.0.0-BETA1
Affected by 0 other vulnerabilities.

6.0.20
Affected by 0 other vulnerabilities.

6.1.0-BETA1
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

6.2.0-BETA1
Affected by 0 other vulnerabilities.

6.2.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:29.963995+00:00	GHSA Importer	Affected by	VCID-d1kp-7aht-9qa2	https://github.com/advisories/GHSA-5c58-w9xc-qcj9	38.1.0
2026-04-02T16:58:53.782523+00:00	GHSA Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://github.com/advisories/GHSA-h7vf-5wrv-9fhv	38.1.0
2026-04-01T16:05:34.380977+00:00	GHSA Importer	Affected by	VCID-ahhz-bs6u-f3bc	https://github.com/advisories/GHSA-wvjv-p5rr-mmqm	38.0.0
2026-04-01T12:50:50.855019+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.0.0
2026-04-01T12:46:53.957575+00:00	GitLab Importer	Affected by	VCID-ahhz-bs6u-f3bc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2014-5245.yml	38.0.0