{"url":"http://public2.vulnerablecode.io/api/packages/148015?format=json","purl":"pkg:composer/symfony/symfony@2.0.14","type":"composer","namespace":"symfony","name":"symfony","version":"2.0.14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.51","latest_non_vulnerable_version":"8.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6762?format=json","vulnerability_id":"VCID-23wm-y6hh-hfd3","summary":"Routes behind a firewall are accessible even when not logged in\nSymfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44307","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44574","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44628","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44644","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44595","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44537","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44615","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44636","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496"},{"reference_url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-83c3-qx27-2rwr","reference_id":"GHSA-83c3-qx27-2rwr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83c3-qx27-2rwr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20129?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"}],"aliases":["CVE-2012-6431","GHSA-83c3-qx27-2rwr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23wm-y6hh-hfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9451?format=json","vulnerability_id":"VCID-2hua-7wbd-tqbx","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77996","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77986","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77973","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77965","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77938","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77886","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77877","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77843","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77939","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.77901","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"},{"reference_url":"https://github.com/advisories/GHSA-r2rq-3h56-fqm4","reference_id":"GHSA-r2rq-3h56-fqm4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r2rq-3h56-fqm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29095?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/29019?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/29869?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/29020?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/29021?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hua-7wbd-tqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19784?format=json","vulnerability_id":"VCID-446x-j2gr-f3a2","summary":"Symfony2 security issue when the trust proxy mode is enabled\nAn application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.\n\nTo fix this security issue, the following changes have been made to all versions of Symfony2:\n\nA new Request::setTrustedProxies() method has been introduced and should be used intead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:\n```\n// before (probably in your front controller script)\nRequest::trustProxyData();\n\n// after\nRequest::setTrustedProxies(array('1.1.1.1'));\n// 1.1.1.1 being the IP address of a trusted reverse proxy\n```\nThe Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):\n```\nRequest::trustProxyData();\n\n// is equivalent to\nRequest::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));\n```\nWe encourage all Symfony2 users to upgrade as soon as possible. It you don't want to upgrade to the latest version yet, you can also apply the following patches:\n\n- [Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19\n- [Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml"},{"reference_url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34"},{"reference_url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35"},{"reference_url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b"},{"reference_url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"},{"reference_url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww","reference_id":"GHSA-vfm6-r2gc-pwww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20129?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20130?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["GHSA-vfm6-r2gc-pwww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-446x-j2gr-f3a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17406?format=json","vulnerability_id":"VCID-4num-z8cg-83gt","summary":"Symfony vulnerable to command execution hijack on Windows with Process class\n### Description\n\nOn Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.\n\n### Resolution\n\nThe `Process` class now uses the absolute path to `cmd.exe`.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9) for branch 5.4.\n\n### Credits\n\nWe would like to thank Jordi Boggiano for reporting the issue and Nicolas Grekas for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73785","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73761","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7374","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7372","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56677?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/56679?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/722740?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/56682?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/722756?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4num-z8cg-83gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9449?format=json","vulnerability_id":"VCID-556v-rym3-6yax","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40045","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39703","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39833","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39914","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40103","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40181","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40211","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40162","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40206","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40195","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40141","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40194","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"},{"reference_url":"https://github.com/advisories/GHSA-g4g7-q726-v5hg","reference_id":"GHSA-g4g7-q726-v5hg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4g7-q726-v5hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29095?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/29019?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/29869?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/29020?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/29021?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-556v-rym3-6yax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7001?format=json","vulnerability_id":"VCID-6cea-up73-y3hn","summary":"Improper Authorization\nSecurity issue when parsing the Authorization header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904"},{"reference_url":"https://github.com/symfony/symfony/pull/11829","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11829"},{"reference_url":"https://symfony.com/cve-2014-6061","reference_id":"CVE-2014-6061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6061"},{"reference_url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829","reference_id":"GHSA-h7v2-2qwg-h829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21132?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20753?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150538?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20754?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6061","GHSA-h7v2-2qwg-h829"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cea-up73-y3hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6999?format=json","vulnerability_id":"VCID-6z5x-uwjt-uueq","summary":"Cross-Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in the Web Profiler.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02"},{"reference_url":"https://github.com/symfony/symfony/pull/11832","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11832"},{"reference_url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36"},{"reference_url":"https://symfony.com/cve-2014-6072","reference_id":"CVE-2014-6072","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6072"},{"reference_url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw","reference_id":"GHSA-v35g-4rrw-h4fw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21132?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20753?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150538?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20754?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6072","GHSA-v35g-4rrw-h4fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z5x-uwjt-uueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9447?format=json","vulnerability_id":"VCID-71vh-7wte-kfcx","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75799","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.7579","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75773","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75748","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75745","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75707","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75713","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75732","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75708","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75697","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75663","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.75683","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.7565","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"},{"reference_url":"https://github.com/advisories/GHSA-g4rg-rw65-8hfg","reference_id":"GHSA-g4rg-rw65-8hfg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4rg-rw65-8hfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29095?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/29019?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/29869?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/29020?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/29021?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71vh-7wte-kfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17179?format=json","vulnerability_id":"VCID-9bzz-84cq-ykh2","summary":"Symfony vulnerable to open redirect via browser-sanitized URLs\n### Description\n\nThe `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.\n\n### Resolution\n\nThe `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4.\n\n### Credits\n\nWe would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60271","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60326","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60367","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60359","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.6033","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60316","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60297","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56677?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/56679?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/722740?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/56682?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/722756?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bzz-84cq-ykh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7000?format=json","vulnerability_id":"VCID-ahhz-bs6u-f3bc","summary":"Improper Access Control\nDirect access of ESI URLs behind a trusted proxy.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5"},{"reference_url":"https://github.com/symfony/symfony/pull/11831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11831"},{"reference_url":"https://symfony.com/cve-2014-5245","reference_id":"CVE-2014-5245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5245"},{"reference_url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm","reference_id":"GHSA-wvjv-p5rr-mmqm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21132?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20753?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150538?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20754?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5245","GHSA-wvjv-p5rr-mmqm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahhz-bs6u-f3bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19769?format=json","vulnerability_id":"VCID-bdhj-np35-sybt","summary":"Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.83967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84047","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84025","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84032","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.84016","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.8401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.83986","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02089","scoring_system":"epss","scoring_elements":"0.83982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85186","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85143","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85166","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85175","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85172","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"CVE-2023-46734.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61038?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/214159?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61031?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61032?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-pdcr-fsbk-63bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/632545?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-pdcr-fsbk-63bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9718?format=json","vulnerability_id":"VCID-bhfu-7788-fbhc","summary":"URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94945","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94946","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94895","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94906","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94908","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94921","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94926","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.94938","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.9493","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29874?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/29864?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/29875?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/29865?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/29866?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/29867?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9qrr-z4mp-vyfp"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-j2su-wjra-tbh1"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfu-7788-fbhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6961?format=json","vulnerability_id":"VCID-bny7-h1nn-bkbc","summary":"Code Injection\nThe `Yaml::parse` function in Symfony allows remote attackers to execute arbitrary PHP code via a PHP file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1348","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7005","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70073","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69969","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69986","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1348"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81550","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81550"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1348","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1348"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574"},{"reference_url":"https://github.com/advisories/GHSA-2r5h-6r7v-5m7c","reference_id":"GHSA-2r5h-6r7v-5m7c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r5h-6r7v-5m7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20701?format=json","purl":"pkg:composer/symfony/symfony@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22"}],"aliases":["CVE-2013-1348","GHSA-2r5h-6r7v-5m7c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bny7-h1nn-bkbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17247?format=json","vulnerability_id":"VCID-c8ar-82sr-fqej","summary":"Symfony has an incorrect response from Validator when input ends with `\\n`\n### Description\n\nIt is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`.\n\n### Resolution\n\nSymfony now uses the `D` regex modifier to match the entire input.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4.\n\n### Credits\n\nWe would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47738","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4788","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47871","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47874","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4785","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57041?format=json","purl":"pkg:composer/symfony/symfony@5.4.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/57046?format=json","purl":"pkg:composer/symfony/symfony@6.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/57048?format=json","purl":"pkg:composer/symfony/symfony@7.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ar-82sr-fqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7122?format=json","vulnerability_id":"VCID-d1kp-7aht-9qa2","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67761","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67755","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67781","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.677","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67732","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://github.com/advisories/GHSA-5c58-w9xc-qcj9","reference_id":"GHSA-5c58-w9xc-qcj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c58-w9xc-qcj9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21076?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/21077?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/21078?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1kp-7aht-9qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7043?format=json","vulnerability_id":"VCID-hzwd-mq3r-qfcb","summary":"Uncontrolled Resource Consumption\nThe Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64783","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64781","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64779","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64789","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64794","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64803","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64701","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/symfony/polyfill/pull/155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/polyfill/pull/155"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/issues/11522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/issues/11522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-cr49-fx2v-9p57","reference_id":"GHSA-cr49-fx2v-9p57","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr49-fx2v-9p57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20932?format=json","purl":"pkg:composer/symfony/symfony@2.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/20933?format=json","purl":"pkg:composer/symfony/symfony@2.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/20934?format=json","purl":"pkg:composer/symfony/symfony@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/20935?format=json","purl":"pkg:composer/symfony/symfony@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.6"}],"aliases":["CVE-2013-5958","GHSA-cr49-fx2v-9p57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hzwd-mq3r-qfcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50580?format=json","vulnerability_id":"VCID-jdsd-3vnz-uygn","summary":"Argument injection in a MimeTypeGuesser in Symfony\nAn issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84693","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84838","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84787","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84728","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84708","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84822","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84813","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.84789","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78866?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/78851?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/73083?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9qrr-z4mp-vyfp"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-j2su-wjra-tbh1"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/73084?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-j2su-wjra-tbh1"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsd-3vnz-uygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55437?format=json","vulnerability_id":"VCID-jjqk-u4vs-tbba","summary":"Symfony Arbitrary PHP code Execution\nSymfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\\Parser::parse function, a different vulnerability than CVE-2013-1348.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7005","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70015","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70073","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69929","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69944","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69922","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69969","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.69986","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g","reference_id":"GHSA-7w53-hfpw-rg3g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20701?format=json","purl":"pkg:composer/symfony/symfony@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/82527?format=json","purl":"pkg:composer/symfony/symfony@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/82526?format=json","purl":"pkg:composer/symfony/symfony@2.2.0-BETA2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0-BETA2"}],"aliases":["CVE-2013-1397","GHSA-7w53-hfpw-rg3g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqk-u4vs-tbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19041?format=json","vulnerability_id":"VCID-k37h-bhh2-myaj","summary":"Symfony XML Entity Expansion security vulnerability\nSymfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean \"No Entities\"). In addition, libxml2's innate defense against the related Exponential or Billion Laugh's XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.\n\nConsider this (non-fatal) example:\n\n<?xml version=\"1.0\"?>\n<!DOCTYPE data [<!ENTITY a\n\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\">]>\n<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>\nIncrease the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.\n\n...\n\nThis can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md"},{"reference_url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-17-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-17-released"},{"reference_url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942","reference_id":"GHSA-q2gc-gg3x-7942","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20094?format=json","purl":"pkg:composer/symfony/symfony@2.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17"}],"aliases":["GHSA-q2gc-gg3x-7942"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k37h-bhh2-myaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14567?format=json","vulnerability_id":"VCID-k8ze-h7fe-fkg2","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_allow list] parameters to system/preferences.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5076","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50602","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5079","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50732","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50744","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50784","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50681","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50727","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50718","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50653","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766"},{"reference_url":"https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html","reference_id":"","reference_type":"","scores":[],"url":"https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/60","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/60"},{"reference_url":"https://github.com/symphonycms/symphony-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2"},{"reference_url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getsymphony.com/download/releases/version/2.6.4"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getsymphony.com/download/releases/version/2.6.4/"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766","reference_id":"CVE-2015-8766","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766"},{"reference_url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html","reference_id":"CVE-2015-8766-GETSYMPHONEY.HTML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"},{"reference_url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3","reference_id":"GHSA-4c5w-qqfg-grf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51070?format=json","purl":"pkg:composer/symfony/symfony@2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.4"}],"aliases":["CVE-2015-8766","GHSA-4c5w-qqfg-grf3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8ze-h7fe-fkg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20306?format=json","vulnerability_id":"VCID-kgu6-gj5d-7bfx","summary":"Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\n### Summary\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.\n\n### Impact\nIf an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive.\n\nThe issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration).\n\n### Resolution\nUpgrade to a Symfony release that includes the fix from symfony/symfony#63164 (which updates Windows argument escaping to ensure arguments containing = and other MSYS2-sensitive characters are properly quoted/escaped).\nThe patch for branch 5.4 is available at https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b\n\n### Workarounds / Mitigations\nAvoid running PHP/your tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables.\nAvoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2.\nWhere applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00719","published_at":"2026-04-02T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00716","published_at":"2026-04-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00956","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00952","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00949","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00892","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00895","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00899","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00911","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00913","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0091","published_at":"2026-04-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00894","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0095","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61813?format=json","purl":"pkg:composer/symfony/symfony@5.4.51","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61815?format=json","purl":"pkg:composer/symfony/symfony@6.4.33","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33"},{"url":"http://public2.vulnerablecode.io/api/packages/722740?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61816?format=json","purl":"pkg:composer/symfony/symfony@7.3.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/843775?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61818?format=json","purl":"pkg:composer/symfony/symfony@7.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/899130?format=json","purl":"pkg:composer/symfony/symfony@8.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61822?format=json","purl":"pkg:composer/symfony/symfony@8.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgu6-gj5d-7bfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7412?format=json","vulnerability_id":"VCID-nsk8-bk5e-tbfh","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80782","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.8072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80721","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80764","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm","reference_id":"GHSA-whgv-8cg3-7hcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22394?format=json","purl":"pkg:composer/symfony/symfony@2.3.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.41"},{"url":"http://public2.vulnerablecode.io/api/packages/22396?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-t2dx-5us4-mkf1"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/22398?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/22400?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk8-bk5e-tbfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22277?format=json","vulnerability_id":"VCID-p1dw-w76f-gbfv","summary":"Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14662","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01842","scoring_system":"epss","scoring_elements":"0.82999","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83538","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0197","scoring_system":"epss","scoring_elements":"0.83544","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02191","scoring_system":"epss","scoring_elements":"0.84413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02247","scoring_system":"epss","scoring_elements":"0.84655","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02482","scoring_system":"epss","scoring_elements":"0.85295","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.85677","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.85689","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03928","scoring_system":"epss","scoring_elements":"0.88296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03928","scoring_system":"epss","scoring_elements":"0.88291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03928","scoring_system":"epss","scoring_elements":"0.88321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03928","scoring_system":"epss","scoring_elements":"0.88316","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64865?format=json","purl":"pkg:composer/symfony/symfony@5.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/64866?format=json","purl":"pkg:composer/symfony/symfony@6.4.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29"},{"url":"http://public2.vulnerablecode.io/api/packages/722740?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/64867?format=json","purl":"pkg:composer/symfony/symfony@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kgu6-gj5d-7bfx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/843775?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-w76f-gbfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7002?format=json","vulnerability_id":"VCID-qty4-cyfa-rugw","summary":"Uncontrolled Resource Consumption\nDenial of service with a malicious HTTP Host header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8"},{"reference_url":"https://github.com/symfony/symfony/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11828"},{"reference_url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header"},{"reference_url":"https://symfony.com/cve-2014-5244","reference_id":"CVE-2014-5244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5244"},{"reference_url":"https://github.com/advisories/GHSA-v77v-x634-9m56","reference_id":"GHSA-v77v-x634-9m56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v77v-x634-9m56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21132?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20753?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150538?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20754?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5244","GHSA-v77v-x634-9m56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qty4-cyfa-rugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12454?format=json","vulnerability_id":"VCID-qwcj-hq3g-2qd7","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38758","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38678","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38496","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38407","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44488?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/44491?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/44494?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcj-hq3g-2qd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16304?format=json","vulnerability_id":"VCID-rgh3-ef8t-k3ec","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39399","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40455","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40688","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40689","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55650?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/214159?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55651?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55652?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/354522?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55653?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/354534?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55654?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-pdcr-fsbk-63bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgh3-ef8t-k3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6763?format=json","vulnerability_id":"VCID-rxbg-gmn6-kbeq","summary":"Code Injection\nSymfony, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a `/_internal` substring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6432","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62546","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62583","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62589","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62598","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62433","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62491","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62523","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.6249","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62541","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62564","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6432"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6432.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6432.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6432","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6432"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-89cp-fvcc-hxh7","reference_id":"GHSA-89cp-fvcc-hxh7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89cp-fvcc-hxh7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20149?format=json","purl":"pkg:composer/symfony/symfony@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/20150?format=json","purl":"pkg:composer/symfony/symfony@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.5"}],"aliases":["CVE-2012-6432","GHSA-89cp-fvcc-hxh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxbg-gmn6-kbeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6844?format=json","vulnerability_id":"VCID-rztj-ug83-dyga","summary":"Information Exporure\n`Request::getHost()` poisoning vulnerability in Symfony.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76108","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76064","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76066","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76051","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76039","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76003","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76153","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76162","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76141","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752"},{"reference_url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715"},{"reference_url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp","reference_id":"GHSA-22pv-7v9j-hqxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20355?format=json","purl":"pkg:composer/symfony/symfony@2.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/20356?format=json","purl":"pkg:composer/symfony/symfony@2.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/20357?format=json","purl":"pkg:composer/symfony/symfony@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20358?format=json","purl":"pkg:composer/symfony/symfony@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3"}],"aliases":["CVE-2013-4752","GHSA-22pv-7v9j-hqxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rztj-ug83-dyga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55222?format=json","vulnerability_id":"VCID-sfzy-423b-j3b4","summary":"Symfony collectionCascaded and collectionCascadedDeeply fields security bypass\nWhen using the Validator component, if `Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\ApcCache` is enabled (or any other cache implementing `Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields).\n\nAs a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68516","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68567","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68551","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68498","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68435","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6853","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68542","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68583","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68529","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86364","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86364"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml"},{"reference_url":"https://github.com/symfony/validator","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/validator"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4751"},{"reference_url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709"},{"reference_url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"http://www.securityfocus.com/bid/61709","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/61709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-q8j7-fjh7-25v5","reference_id":"GHSA-q8j7-fjh7-25v5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8j7-fjh7-25v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20355?format=json","purl":"pkg:composer/symfony/symfony@2.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/20356?format=json","purl":"pkg:composer/symfony/symfony@2.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/20357?format=json","purl":"pkg:composer/symfony/symfony@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20358?format=json","purl":"pkg:composer/symfony/symfony@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3"}],"aliases":["CVE-2013-4751","GHSA-q8j7-fjh7-25v5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzy-423b-j3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9634?format=json","vulnerability_id":"VCID-skth-cf6d-3ubr","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66097","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66133","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66214","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66201","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66219","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66228","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66241","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343"},{"reference_url":"https://github.com/barryvdh/laravel-debugbar/issues/850","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/barryvdh/laravel-debugbar/issues/850"},{"reference_url":"https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c"},{"reference_url":"https://github.com/symfony/symfony/issues/27987","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/issues/27987"},{"reference_url":"https://github.com/symfony/symfony/pull/23684","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/23684"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29516?format=json","purl":"pkg:composer/symfony/symfony@2.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-t2dx-5us4-mkf1"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33"},{"url":"http://public2.vulnerablecode.io/api/packages/29517?format=json","purl":"pkg:composer/symfony/symfony@2.8.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26"},{"url":"http://public2.vulnerablecode.io/api/packages/29034?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-t2dx-5us4-mkf1"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/29518?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-9rsx-fscb-6fh3"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-t2dx-5us4-mkf1"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skth-cf6d-3ubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6984?format=json","vulnerability_id":"VCID-srrc-wxew-1fc6","summary":"Code Injection\nCode injection in the way Symfony implements translation caching in FrameworkBundle.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"},{"reference_url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h","reference_id":"GHSA-wfv7-5x33-v22h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21132?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20753?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/150538?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20754?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-4931","GHSA-wfv7-5x33-v22h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srrc-wxew-1fc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16307?format=json","vulnerability_id":"VCID-thtp-ehsj-t3ej","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0589","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0566","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05653","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05691","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05718","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05684","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05639","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05651","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05867","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05878","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55650?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/214159?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55651?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/354506?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55652?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/354522?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55653?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/354534?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55654?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-8kq8-2mv9-s3ad"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-en6a-wp7q-fbfs"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-pdcr-fsbk-63bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thtp-ehsj-t3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6755?format=json","vulnerability_id":"VCID-u84h-sr6a-4uc7","summary":"Information Exposure\nRequest::getClientIp() when the trust proxy mode is enabled.","references":[{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20129?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/148018?format=json","purl":"pkg:composer/symfony/symfony@2.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/20130?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["2012-11-29"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u84h-sr6a-4uc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6745?format=json","vulnerability_id":"VCID-unuf-vj1b-qbhr","summary":"Improper Restriction of XML External Entity Reference\nSecurity fixes related to the way XML is handled in symfony.","references":[{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-17-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/security-release-symfony-2-0-17-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20094?format=json","purl":"pkg:composer/symfony/symfony@2.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/148018?format=json","purl":"pkg:composer/symfony/symfony@2.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1"}],"aliases":["2012-08-28"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-unuf-vj1b-qbhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7096?format=json","vulnerability_id":"VCID-wwhm-mrr3-v7h3","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21076?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/150527?format=json","purl":"pkg:composer/symfony/symfony@2.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/21077?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/152148?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/21078?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19493?format=json","vulnerability_id":"VCID-xmur-ps51-myfu","summary":"Symfony2 improper IP based access control\nDamien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()).\n\nAn application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.\n\nTo fix this security issue, the following changes have been made to all versions of Symfony2:\n\nA new Request::setTrustedProxies() method has been introduced and should be used intead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:\n```\n// before (probably in your front controller script)\nRequest::trustProxyData();\n```\n```\n// after\nRequest::setTrustedProxies(array('1.1.1.1'));\n// 1.1.1.1 being the IP address of a trusted reverse proxy\n```\nThe Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):\n```\nRequest::trustProxyData();\n```\n```\n// is equivalent to\nRequest::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));\n```\nWe encourage all Symfony2 users to upgrade as soon as possible. It you don't want to upgrade to the latest version yet, you can also apply the following patches:\n\n[Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19\n[Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-11-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-11-29.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/922c2015f61a7205180d423dce1f7365cc2d8460","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/922c2015f61a7205180d423dce1f7365cc2d8460"},{"reference_url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"},{"reference_url":"https://github.com/advisories/GHSA-hx53-jchx-cr52","reference_id":"GHSA-hx53-jchx-cr52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hx53-jchx-cr52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20129?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/20130?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["GHSA-hx53-jchx-cr52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmur-ps51-myfu"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.14"}