Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jjqk-u4vs-tbba
Vulnerability ID VCID-jjqk-u4vs-tbba
Aliases CVE-2013-1397
GHSA-7w53-hfpw-rg3g
Summary Symfony Arbitrary PHP code Execution Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
epss 0.00619 https://api.first.org/data/v1/epss?cve=CVE-2013-1397
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-7w53-hfpw-rg3g
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml
generic_textual HIGH https://github.com/symfony/symfony
generic_textual HIGH https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2013-1397
generic_textual HIGH https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
generic_textual HIGH http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2013-1397
https://exchange.xforce.ibmcloud.com/vulnerabilities/81551
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml
https://github.com/symfony/symfony
https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77
https://nvd.nist.gov/vuln/detail/CVE-2013-1397
https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released
GHSA-7w53-hfpw-rg3g https://github.com/advisories/GHSA-7w53-hfpw-rg3g
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.69917
EPSS Score 0.00619
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:09:14.250693+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7w53-hfpw-rg3g/GHSA-7w53-hfpw-rg3g.json 38.0.0