VulnerableCode Package Details - pkg:deb/debian/symfony@4.3.8%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9qrr-z4mp-vyfp	User enumeration leak using switch user functionality in Symfony An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.	CVE-2019-18886 GHSA-4vpc-5jx4-cfqg
VCID-9rsx-fscb-6fh3	Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.	CVE-2019-18889 GHSA-79gr-58r3-pwm3
VCID-guzg-x6nu-pygu	Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.	CVE-2019-18887 GHSA-q8hg-pf8v-cxrv
VCID-jdsd-3vnz-uygn	Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).	CVE-2019-18888 GHSA-xhh6-956q-4q69
VCID-wd9z-d4h5-hkax	Improper Input Validation in Symfony An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.	CVE-2019-11325 GHSA-w4rc-rx25-8m86

Vulnerability

Summary

Aliases

VCID-9qrr-z4mp-vyfp

User enumeration leak using switch user functionality in Symfony An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality. This is related to symfony/security.

CVE-2019-18886
GHSA-4vpc-5jx4-cfqg

VCID-9rsx-fscb-6fh3

Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

CVE-2019-18889
GHSA-79gr-58r3-pwm3

VCID-guzg-x6nu-pygu

Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.

CVE-2019-18887
GHSA-q8hg-pf8v-cxrv

VCID-jdsd-3vnz-uygn

Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

CVE-2019-18888
GHSA-xhh6-956q-4q69

VCID-wd9z-d4h5-hkax

Improper Input Validation in Symfony An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.

CVE-2019-11325
GHSA-w4rc-rx25-8m86

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:17:48.599907+00:00	Debian Importer	Fixing	VCID-9rsx-fscb-6fh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:46:44.250445+00:00	Debian Importer	Fixing	VCID-wd9z-d4h5-hkax	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:46.185336+00:00	Debian Importer	Fixing	VCID-jdsd-3vnz-uygn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:00.823696+00:00	Debian Importer	Fixing	VCID-guzg-x6nu-pygu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:12.584787+00:00	Debian Importer	Fixing	VCID-9qrr-z4mp-vyfp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:55:44.001406+00:00	Debian Importer	Fixing	VCID-9rsx-fscb-6fh3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:31:50.734731+00:00	Debian Importer	Fixing	VCID-wd9z-d4h5-hkax	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:21.444191+00:00	Debian Importer	Fixing	VCID-jdsd-3vnz-uygn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:25.904240+00:00	Debian Importer	Fixing	VCID-guzg-x6nu-pygu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:13.906368+00:00	Debian Importer	Fixing	VCID-9qrr-z4mp-vyfp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:53:42.491440+00:00	Debian Importer	Fixing	VCID-9rsx-fscb-6fh3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:42.451824+00:00	Debian Importer	Fixing	VCID-jdsd-3vnz-uygn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:42.411675+00:00	Debian Importer	Fixing	VCID-guzg-x6nu-pygu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:42.371537+00:00	Debian Importer	Fixing	VCID-9qrr-z4mp-vyfp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:42.330746+00:00	Debian Importer	Fixing	VCID-wd9z-d4h5-hkax	https://security-tracker.debian.org/tracker/data/json	38.1.0