{"url":"http://public2.vulnerablecode.io/api/packages/153643?format=json","purl":"pkg:composer/symfony/form@2.7.4","type":"composer","namespace":"symfony","name":"form","version":"2.7.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0-BETA1","latest_non_vulnerable_version":"6.3.0-BETA1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7223?format=json","vulnerability_id":"VCID-5u5z-qzg2-sbhg","summary":"Information Exposure Through Timing Discrepancy\nSymfony allows remote attackers to have unspecified impact via a timing attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77155","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77039","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7702","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77052","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77062","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77071","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77107","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77109","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77134","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7714","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77004","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16630","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16630"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125"},{"reference_url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service"},{"reference_url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/77692"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2015-8125","reference_id":"CVE-2015-8125","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8125"},{"reference_url":"https://github.com/advisories/GHSA-g97c-jfx6-xvxh","reference_id":"GHSA-g97c-jfx6-xvxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g97c-jfx6-xvxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21392?format=json","purl":"pkg:composer/symfony/form@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.7.7"}],"aliases":["CVE-2015-8125","GHSA-g97c-jfx6-xvxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5u5z-qzg2-sbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9724?format=json","vulnerability_id":"VCID-hxhq-zdyu-dudz","summary":"Attacker can read all files content on the server\nWhen a form is submitted by the user, the request handler classes of the Form component merge POST data (known as the `$_POST` array in plain PHP) and uploaded files data (known as the `$_FILES` array in plain PHP) into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a `FileType` is sent as normal `POST` data that could be interpreted as a locale file path on the server-side (for example, `file:///etc/passwd`). If the application did not perform any additional checks about the value submitted to the `FileType`, the contents of the given file on the server could have been exposed to the attacker.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71782","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71654","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.7166","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71691","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71702","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71709","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71741","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71723","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.71772","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/symfony/form","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/form"},{"reference_url":"https://github.com/symfony/symfony/pull/24993","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790"},{"reference_url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"},{"reference_url":"https://symfony.com/cve-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16790"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"CVE-2017-16790-ENSURE-THAT-SUBMITTED-DATA-ARE-UPLOADED-FILES","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"},{"reference_url":"https://github.com/advisories/GHSA-cqqh-94r6-wjrg","reference_id":"GHSA-cqqh-94r6-wjrg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cqqh-94r6-wjrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29903?format=json","purl":"pkg:composer/symfony/form@2.7.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/29904?format=json","purl":"pkg:composer/symfony/form@2.8.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.8.31"},{"url":"http://public2.vulnerablecode.io/api/packages/29905?format=json","purl":"pkg:composer/symfony/form@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/29906?format=json","purl":"pkg:composer/symfony/form@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/29907?format=json","purl":"pkg:composer/symfony/form@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/29908?format=json","purl":"pkg:composer/symfony/form@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@4.0.0-BETA5"}],"aliases":["CVE-2017-16790","GHSA-cqqh-94r6-wjrg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxhq-zdyu-dudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12454?format=json","vulnerability_id":"VCID-qwcj-hq3g-2qd7","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38407","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38496","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38678","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38758","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38797","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44563?format=json","purl":"pkg:composer/symfony/form@5.3.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/279386?format=json","purl":"pkg:composer/symfony/form@5.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rgh3-ef8t-k3ec"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@5.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/44565?format=json","purl":"pkg:composer/symfony/form@5.4.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/279388?format=json","purl":"pkg:composer/symfony/form@6.0.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/44567?format=json","purl":"pkg:composer/symfony/form@6.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/279392?format=json","purl":"pkg:composer/symfony/form@6.2.0-BETA3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.2.0-BETA3"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcj-hq3g-2qd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16304?format=json","vulnerability_id":"VCID-rgh3-ef8t-k3ec","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40661","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40374","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40455","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4057","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40648","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40653","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40688","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40689","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55707?format=json","purl":"pkg:composer/symfony/form@4.4.50","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/248841?format=json","purl":"pkg:composer/symfony/form@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qwcj-hq3g-2qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55708?format=json","purl":"pkg:composer/symfony/form@5.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qwcj-hq3g-2qd7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@5.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55709?format=json","purl":"pkg:composer/symfony/form@6.0.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/354992?format=json","purl":"pkg:composer/symfony/form@6.1.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55710?format=json","purl":"pkg:composer/symfony/form@6.1.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/355002?format=json","purl":"pkg:composer/symfony/form@6.2.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/55711?format=json","purl":"pkg:composer/symfony/form@6.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/355005?format=json","purl":"pkg:composer/symfony/form@6.3.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@6.3.0-BETA1"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgh3-ef8t-k3ec"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/form@2.7.4"}