VulnerableCode Package Details - pkg:composer/symfony/http-kernel@3.4.0-BETA2

Search for packages

Vulnerability	Summary	Fixed by
VCID-91hk-tdtv-x7fp Aliases: CVE-2022-24894 GHSA-h7vf-5wrv-9fhv GMS-2023-209 GMS-2023-212	Duplicate This advisory duplicates another.	4.4.50 Affected by 0 other vulnerabilities. 5.0.0-BETA1 Affected by 0 other vulnerabilities. 5.4.20 Affected by 0 other vulnerabilities. 6.0.0-BETA1 Affected by 0 other vulnerabilities. 6.0.20 Affected by 0 other vulnerabilities. 6.1.0-BETA1 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.0-BETA1 Affected by 0 other vulnerabilities. 6.2.6 Affected by 0 other vulnerabilities.
VCID-jqh6-rwsw-73bs Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv	Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) The UriSigner was subjectto timing attacks.	3.4.35 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.12 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p6f7-utd6-eqej Aliases: CVE-2021-21424 GHSA-5pv8-ppvj-4h68	Information Exposure Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.	3.4.48 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.4.23 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.2.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-91hk-tdtv-x7fp
Aliases:
CVE-2022-24894
GHSA-h7vf-5wrv-9fhv
GMS-2023-209
GMS-2023-212

Duplicate This advisory duplicates another.

4.4.50
Affected by 0 other vulnerabilities.

5.0.0-BETA1
Affected by 0 other vulnerabilities.

5.4.20
Affected by 0 other vulnerabilities.

6.0.0-BETA1
Affected by 0 other vulnerabilities.

6.0.20
Affected by 0 other vulnerabilities.

6.1.0-BETA1
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

6.2.0-BETA1
Affected by 0 other vulnerabilities.

6.2.6
Affected by 0 other vulnerabilities.

VCID-jqh6-rwsw-73bs
Aliases:
CVE-2019-18887
GHSA-q8hg-pf8v-cxrv

Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) The UriSigner was subjectto timing attacks.

3.4.35
Affected by 2 other vulnerabilities.

4.2.12
Affected by 2 other vulnerabilities.

4.3.8
Affected by 2 other vulnerabilities.

VCID-p6f7-utd6-eqej
Aliases:
CVE-2021-21424
GHSA-5pv8-ppvj-4h68

Information Exposure Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.

3.4.48
Affected by 1 other vulnerability.

4.4.23
Affected by 1 other vulnerability.

5.2.8
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:26:21.969573+00:00	GitLab Importer	Affected by	VCID-91hk-tdtv-x7fp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/GMS-2023-209.yml	38.6.0
2026-06-06T00:37:13.532073+00:00	GitLab Importer	Affected by	VCID-p6f7-utd6-eqej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2021-21424.yml	38.6.0
2026-06-04T20:25:40.951903+00:00	GitLab Importer	Affected by	VCID-jqh6-rwsw-73bs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml	38.6.0