Search for packages
| purl | pkg:composer/symfony/symfony@2.4.0-alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-d1kp-7aht-9qa2
Aliases: CVE-2015-2308 GHSA-5c58-w9xc-qcj9 |
Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server. |
Affected by 22 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-nsk8-bk5e-tbfh
Aliases: CVE-2016-4423 GHSA-whgv-8cg3-7hcm |
CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. |
Affected by 25 other vulnerabilities. Affected by 30 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-wwhm-mrr3-v7h3
Aliases: CVE-2015-2309 GHSA-p684-f7fh-jv2j |
Unsafe methods in the Request class The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`. |
Affected by 22 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 21 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:03.914211+00:00 | GitLab Importer | Affected by | VCID-nsk8-bk5e-tbfh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-4423.yml | 38.0.0 |
| 2026-04-01T12:46:57.599323+00:00 | GitLab Importer | Affected by | VCID-d1kp-7aht-9qa2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2015-2308.yml | 38.0.0 |
| 2026-04-01T12:46:56.850546+00:00 | GitLab Importer | Affected by | VCID-wwhm-mrr3-v7h3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2015-2309.yml | 38.0.0 |