VulnerableCode Package Details - pkg:composer/symfony/http-kernel@2.5.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/http-kernel@2.5.9

Essentials
History (12)

purl	pkg:composer/symfony/http-kernel@2.5.9

Next non-vulnerable version	4.4.50
Latest non-vulnerable version	6.2.6
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-d1kp-7aht-9qa2 Aliases: CVE-2015-2308 GHSA-5c58-w9xc-qcj9	Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.	2.5.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.6 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-guzg-x6nu-pygu Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv	Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.	2.8.52 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rgh3-ef8t-k3ec Aliases: CVE-2022-24894 GHSA-h7vf-5wrv-9fhv GMS-2023-209 GMS-2023-212	Duplicate This advisory duplicates another.	4.4.50 Affected by 0 other vulnerabilities. 5.0.0-BETA1 Affected by 0 other vulnerabilities. 5.4.20 Affected by 0 other vulnerabilities. 6.0.0-BETA1 Affected by 0 other vulnerabilities. 6.0.20 Affected by 0 other vulnerabilities. 6.1.0-BETA1 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.0-BETA1 Affected by 0 other vulnerabilities. 6.2.6 Affected by 0 other vulnerabilities.
VCID-up7g-6ewp-uya5 Aliases: CVE-2015-4050 GHSA-qmqw-mpqp-mr54	Improper Access Control FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`.	2.5.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.6.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T23:38:57.095680+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.3.0
2026-04-11T22:10:06.608470+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.3.0
2026-04-11T21:42:56.205265+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.3.0
2026-04-11T21:42:53.055627+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.3.0
2026-04-02T23:43:10.996771+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.1.0
2026-04-02T22:22:42.553039+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.1.0
2026-04-02T21:57:05.547933+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.1.0
2026-04-02T21:57:02.347652+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.1.0
2026-04-01T18:06:01.496608+00:00	GitLab Importer	Affected by	VCID-rgh3-ef8t-k3ec	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.0.0
2026-04-01T16:40:29.058177+00:00	GitLab Importer	Affected by	VCID-guzg-x6nu-pygu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.0.0
2026-04-01T16:14:17.249414+00:00	GitLab Importer	Affected by	VCID-d1kp-7aht-9qa2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-2308.yml	38.0.0
2026-04-01T16:14:13.598125+00:00	GitLab Importer	Affected by	VCID-up7g-6ewp-uya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml	38.0.0