Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/http-kernel@2.6.8
purl pkg:composer/symfony/http-kernel@2.6.8
Next non-vulnerable version 4.4.50
Latest non-vulnerable version 6.2.6
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-guzg-x6nu-pygu
Aliases:
CVE-2019-18887
GHSA-q8hg-pf8v-cxrv
Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.
2.8.52
Affected by 2 other vulnerabilities.
3.4.35
Affected by 2 other vulnerabilities.
4.2.12
Affected by 2 other vulnerabilities.
4.3.8
Affected by 2 other vulnerabilities.
VCID-rgh3-ef8t-k3ec
Aliases:
CVE-2022-24894
GHSA-h7vf-5wrv-9fhv
GMS-2023-209
GMS-2023-212
Duplicate This advisory duplicates another.
4.4.50
Affected by 0 other vulnerabilities.
5.0.0-BETA1
Affected by 0 other vulnerabilities.
5.4.20
Affected by 0 other vulnerabilities.
6.0.0-BETA1
Affected by 0 other vulnerabilities.
6.0.20
Affected by 0 other vulnerabilities.
6.1.0-BETA1
Affected by 0 other vulnerabilities.
6.1.12
Affected by 0 other vulnerabilities.
6.2.0-BETA1
Affected by 0 other vulnerabilities.
6.2.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-up7g-6ewp-uya5 Improper Access Control FragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`. CVE-2015-4050
GHSA-qmqw-mpqp-mr54

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-11T23:38:57.147934+00:00 GitLab Importer Affected by VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.3.0
2026-04-11T22:10:06.659666+00:00 GitLab Importer Affected by VCID-guzg-x6nu-pygu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml 38.3.0
2026-04-11T21:42:53.103444+00:00 GitLab Importer Fixing VCID-up7g-6ewp-uya5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml 38.3.0
2026-04-04T14:31:26.700677+00:00 GHSA Importer Fixing VCID-up7g-6ewp-uya5 https://github.com/advisories/GHSA-qmqw-mpqp-mr54 38.1.0
2026-04-02T23:43:11.041739+00:00 GitLab Importer Affected by VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.1.0
2026-04-02T22:22:42.600496+00:00 GitLab Importer Affected by VCID-guzg-x6nu-pygu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml 38.1.0
2026-04-02T21:57:02.392235+00:00 GitLab Importer Fixing VCID-up7g-6ewp-uya5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml 38.1.0
2026-04-01T18:06:01.553943+00:00 GitLab Importer Affected by VCID-rgh3-ef8t-k3ec https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml 38.0.0
2026-04-01T16:40:29.112262+00:00 GitLab Importer Affected by VCID-guzg-x6nu-pygu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml 38.0.0
2026-04-01T13:10:24.563267+00:00 GithubOSV Importer Fixing VCID-up7g-6ewp-uya5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmqw-mpqp-mr54/GHSA-qmqw-mpqp-mr54.json 38.0.0
2026-04-01T12:46:57.418780+00:00 GitLab Importer Fixing VCID-up7g-6ewp-uya5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2015-4050.yml 38.0.0