Vulnerability details: VCID-thtp-ehsj-t3ej
Vulnerability ID VCID-thtp-ehsj-t3ej
Aliases CVE-2022-24895
GHSA-3gv2-29qc-v67m
GMS-2023-210
GMS-2023-211
Summary Duplicate This advisory duplicates another.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
System Score Found at
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2022-24895
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3gv2-29qc-v67m
cvssv3.1 6.3 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
ssvc Track https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
cvssv3.1 6.3 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
cvssv3.1 6.3 https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
generic_textual MODERATE https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
ssvc Track https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
cvssv3.1 6.3 https://github.com/symfony/symfony
generic_textual MODERATE https://github.com/symfony/symfony
cvssv3.1 6.3 https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
generic_textual MODERATE https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
ssvc Track https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
cvssv3.1 6.3 https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
cvssv3.1_qr MODERATE https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
generic_textual MODERATE https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
ssvc Track https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
cvssv3.1 6.3 https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
cvssv3.1 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24895
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-24895
cvssv3.1 6.3 https://symfony.com/cve-2022-24895
generic_textual MODERATE https://symfony.com/cve-2022-24895
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
Attack Vector (AV): network | adjacent_network | local | physical
Attack Complexity (AC): low | high
Privileges Required (PR): none | low | high
User Interaction (UI): none | required
Scope (S): unchanged | changed
Confidentiality Impact (C): high | low | none
Integrity Impact (I): high | low | none
Availability Impact (A): high | low | none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/ Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/ Found at https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/symfony/symfony
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/ Found at https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/ Found at https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24895
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://symfony.com/cve-2022-24895
Exploit Prediction Scoring System (EPSS)
Percentile 0.05621
EPSS Score 0.00021
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:50.531750+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/GMS-2023-211.yml 38.0.0