VulnerableCode Package Details - pkg:composer/symfony/http-kernel@2.4.0-BETA1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/http-kernel@2.4.0-BETA1

purl	pkg:composer/symfony/http-kernel@2.4.0-BETA1

Next non-vulnerable version	2.8.52
Latest non-vulnerable version	8.0.12
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-hs5u-r1jg-tub5 Aliases: CVE-2014-5245 GHSA-wvjv-p5rr-mmqm	Improper Access Control Direct access of ESI URLs behind a trusted proxy.	2.4.9 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.0-BETA1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.4 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.2.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jqh6-rwsw-73bs Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv	Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) The UriSigner was subjectto timing attacks.	2.8.52 Affected by 0 other vulnerabilities. 3.4.35 Affected by 0 other vulnerabilities. 4.2.12 Affected by 0 other vulnerabilities. 4.3.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-hs5u-r1jg-tub5
Aliases:
CVE-2014-5245
GHSA-wvjv-p5rr-mmqm

Improper Access Control Direct access of ESI URLs behind a trusted proxy.

2.4.9
Affected by 3 other vulnerabilities.

2.5.0-BETA1
Affected by 3 other vulnerabilities.

2.5.4
Affected by 3 other vulnerabilities.

3.2.13
Affected by 1 other vulnerability.

VCID-jqh6-rwsw-73bs
Aliases:
CVE-2019-18887
GHSA-q8hg-pf8v-cxrv

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) The UriSigner was subjectto timing attacks.

2.8.52
Affected by 0 other vulnerabilities.

3.4.35
Affected by 0 other vulnerabilities.

4.2.12
Affected by 0 other vulnerabilities.

4.3.8
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:25:40.429216+00:00	GitLab Importer	Affected by	VCID-jqh6-rwsw-73bs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.6.0
2026-06-04T20:04:26.012061+00:00	GitLab Importer	Affected by	VCID-hs5u-r1jg-tub5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2014-5245.yml	38.6.0