VulnerableCode Package Details - pkg:composer/symfony/http-kernel@2.5.0-BETA1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/http-kernel@2.5.0-BETA1

Essentials
History (15)

purl	pkg:composer/symfony/http-kernel@2.5.0-BETA1

Next non-vulnerable version	4.4.50
Latest non-vulnerable version	6.2.6
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-d1kp-7aht-9qa2 Aliases: CVE-2015-2308 GHSA-5c58-w9xc-qcj9	Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.	2.5.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-guzg-x6nu-pygu Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv	Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.	2.8.52 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rgh3-ef8t-k3ec Aliases: CVE-2022-24894 GHSA-h7vf-5wrv-9fhv GMS-2023-209 GMS-2023-212	Duplicate This advisory duplicates another.	4.4.50 Affected by 0 other vulnerabilities. 5.0.0-BETA1 Affected by 0 other vulnerabilities. 5.4.20 Affected by 0 other vulnerabilities. 6.0.0-BETA1 Affected by 0 other vulnerabilities. 6.0.20 Affected by 0 other vulnerabilities. 6.1.0-BETA1 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.0-BETA1 Affected by 0 other vulnerabilities. 6.2.6 Affected by 0 other vulnerabilities.
VCID-up7g-6ewp-uya5 Aliases: CVE-2015-4050 GHSA-qmqw-mpqp-mr54	Improper Access Control FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`.	2.5.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-ahhz-bs6u-f3bc	Improper Access Control Direct access of ESI URLs behind a trusted proxy.	CVE-2014-5245 GHSA-wvjv-p5rr-mmqm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T23:38:57.053745+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.3.0
2026-04-11T22:10:06.564365+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.3.0
2026-04-11T21:42:56.160158+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.3.0
2026-04-11T21:42:53.017992+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.3.0
2026-04-11T21:42:12.580357+00:00	GitLab Importer	Fixing	VCID-ahhz-bs6u-f3bc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2014-5245.yml	38.3.0
2026-04-02T23:43:10.957813+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.1.0
2026-04-02T22:22:42.512794+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.1.0
2026-04-02T21:57:05.508295+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.1.0
2026-04-02T21:57:02.312564+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.1.0
2026-04-02T21:56:22.425805+00:00	GitLab Importer	Fixing	VCID-ahhz-bs6u-f3bc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2014-5245.yml	38.1.0
2026-04-01T18:06:01.445495+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.0.0
2026-04-01T16:40:29.013528+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.0.0
2026-04-01T16:14:17.204722+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.0.0
2026-04-01T16:14:13.553175+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.0.0
2026-04-01T16:13:32.269845+00:00	GitLab Importer	Fixing	VCID-ahhz-bs6u-f3bc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2014-5245.yml	38.0.0