VulnerableCode Package Details - pkg:deb/debian/symfony@2.3.21%2Bdfsg-4?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-d1kp-7aht-9qa2	Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.	CVE-2015-2308 GHSA-5c58-w9xc-qcj9
VCID-wwhm-mrr3-v7h3	Unsafe methods in the Request class The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.	CVE-2015-2309 GHSA-p684-f7fh-jv2j

Vulnerability

Summary

Aliases

VCID-d1kp-7aht-9qa2

Esi Code Injection Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\Component\HttpKernel\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.

CVE-2015-2308
GHSA-5c58-w9xc-qcj9

VCID-wwhm-mrr3-v7h3

Unsafe methods in the Request class The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.

CVE-2015-2309
GHSA-p684-f7fh-jv2j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:10:15.032540+00:00	Debian Importer	Fixing	VCID-wwhm-mrr3-v7h3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:10.057512+00:00	Debian Importer	Fixing	VCID-d1kp-7aht-9qa2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:19:25.588275+00:00	Debian Importer	Fixing	VCID-wwhm-mrr3-v7h3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:12.445205+00:00	Debian Importer	Fixing	VCID-d1kp-7aht-9qa2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:53:41.159386+00:00	Debian Importer	Fixing	VCID-wwhm-mrr3-v7h3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:41.118058+00:00	Debian Importer	Fixing	VCID-d1kp-7aht-9qa2	https://security-tracker.debian.org/tracker/data/json	38.1.0