| 0 |
| url |
VCID-27sw-43vt-ukh3 |
| vulnerability_id |
VCID-27sw-43vt-ukh3 |
| summary |
Unrestricted Upload of File with Dangerous Type
When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called, which returns and discloses the path of the uploaded file. If combined with a local file inclusion issue, in certain circumstances this could escalate to Remote Code Execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19789 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75135 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75216 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75191 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75213 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75192 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75179 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75145 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75168 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.00869 |
| scoring_system |
epss |
| scoring_elements |
0.75138 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19789 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 7 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 8 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 9 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 10 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 11 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 12 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 13 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 14 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 15 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 16 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 15 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 16 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 17 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19789, GHSA-x3cf-w64x-4cp2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-27sw-43vt-ukh3 |
|
| 1 |
| url |
VCID-2hua-7wbd-tqbx |
| vulnerability_id |
VCID-2hua-7wbd-tqbx |
| summary |
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too many resources. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11386 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77843 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77939 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77901 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77891 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77886 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77859 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77877 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.01086 |
| scoring_system |
epss |
| scoring_elements |
0.77849 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11386 |
|
| 21 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11386 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:N/I:N/A:P |
|
| 1 |
| value |
5.9 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 2 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11386 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11386, GHSA-r2rq-3h56-fqm4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2hua-7wbd-tqbx |
|
| 2 |
| url |
VCID-3uu1-kftu-nbhd |
| vulnerability_id |
VCID-3uu1-kftu-nbhd |
| summary |
SQL Injection
In Symfony, HTTP methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10913 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49076 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49121 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49069 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49097 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.4908 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49083 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49013 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49048 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00257 |
| scoring_system |
epss |
| scoring_elements |
0.49029 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10913 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 5 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 1 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 2 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 3 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 4 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 5 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 6 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 7 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 8 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 9 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 10 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 11 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 12 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 13 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 14 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 15 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10913, GHSA-x92h-wmg2-6hp7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3uu1-kftu-nbhd |
|
| 3 |
| url |
VCID-4mkw-tv16-jyca |
| vulnerability_id |
VCID-4mkw-tv16-jyca |
| summary |
Deserialization of Untrusted Data
In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10912 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01116 |
| scoring_system |
epss |
| scoring_elements |
0.78232 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78349 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78319 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78312 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78366 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78373 |
| published_at |
2026-04-12T12:55:00Z |
|
| 6 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78391 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78364 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78359 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.01135 |
| scoring_system |
epss |
| scoring_elements |
0.78332 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10912 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 5 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 1 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 2 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 3 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 4 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 5 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 6 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 7 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 8 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 9 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 10 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 11 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 12 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 13 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 14 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 15 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10912, GHSA-w2fr-65vp-mxw3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4mkw-tv16-jyca |
|
| 4 |
| url |
VCID-4num-z8cg-83gt |
| vulnerability_id |
VCID-4num-z8cg-83gt |
| summary |
Symfony vulnerable to command execution hijack on Windows with Process class
### Description
On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.
### Resolution
The `Process` class now uses the absolute path to `cmd.exe`.
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9) for branch 5.4.
### Credits
We would like to thank Jordi Boggiano for reporting the issue and Nicolas Grekas for providing the fix. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.7372 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73777 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73735 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73744 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73761 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.7374 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73727 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73692 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00783 |
| scoring_system |
epss |
| scoring_elements |
0.73696 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-51736 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51736 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51736, GHSA-qq5c-677p-737q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4num-z8cg-83gt |
|
| 5 |
| url |
VCID-556v-rym3-6yax |
| vulnerability_id |
VCID-556v-rym3-6yax |
| summary |
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11406 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40045 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40211 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40162 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.4018 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40206 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40195 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40141 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40218 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00184 |
| scoring_system |
epss |
| scoring_elements |
0.40194 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11406 |
|
| 24 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11406 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11406 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11406, GHSA-g4g7-q726-v5hg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-556v-rym3-6yax |
|
| 6 |
| url |
VCID-636u-5bdw-puh4 |
| vulnerability_id |
VCID-636u-5bdw-puh4 |
| summary |
Cross-site Scripting
In Symfony, validation messages are not escaped, which can lead to XSS when user input is included. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00355 |
| scoring_system |
epss |
| scoring_elements |
0.57834 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58736 |
| published_at |
2026-04-07T12:55:00Z |
|
| 2 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58776 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58814 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58795 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58788 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58663 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58747 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.00369 |
| scoring_system |
epss |
| scoring_elements |
0.58768 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10909 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 5 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 1 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 2 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 3 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 4 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 5 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 6 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 7 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 8 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 9 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 10 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 11 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 12 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 13 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 14 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 15 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-636u-5bdw-puh4 |
|
| 7 |
| url |
VCID-71vh-7wte-kfcx |
| vulnerability_id |
VCID-71vh-7wte-kfcx |
| summary |
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75683 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75745 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75707 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75713 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75732 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75708 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75697 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75663 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.7565 |
| published_at |
2026-04-01T12:55:00Z |
|
| 9 |
| value |
0.00904 |
| scoring_system |
epss |
| scoring_elements |
0.75652 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11385 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11385 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11385 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11385, GHSA-g4rg-rw65-8hfg
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-71vh-7wte-kfcx |
|
| 8 |
| url |
VCID-7sm1-74du-47gc |
| vulnerability_id |
VCID-7sm1-74du-47gc |
| summary |
Symfony Service IDs Allow Injection
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10910 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.11901 |
| scoring_system |
epss |
| scoring_elements |
0.93762 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93863 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93858 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93854 |
| published_at |
2026-04-08T12:55:00Z |
|
| 4 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93846 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93843 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93824 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.12299 |
| scoring_system |
epss |
| scoring_elements |
0.93833 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10910 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 5 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 1 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 2 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 3 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 4 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 5 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 6 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 7 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 8 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 9 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 10 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 11 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 12 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 13 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 14 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 15 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10910, GHSA-pgwj-prpq-jpc2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7sm1-74du-47gc |
|
| 9 |
| url |
VCID-9bzz-84cq-ykh2 |
| vulnerability_id |
VCID-9bzz-84cq-ykh2 |
| summary |
Symfony vulnerable to open redirect via browser-sanitized URLs
### Description
The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.
### Resolution
The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4.
### Credits
We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60271 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60359 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60318 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60337 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60351 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.6033 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60266 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00394 |
| scoring_system |
epss |
| scoring_elements |
0.60297 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50345 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://symfony.com/cve-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50345 |
|
| 10 |
| reference_url |
https://url.spec.whatwg.org |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/ |
|
|
| url |
https://url.spec.whatwg.org |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9bzz-84cq-ykh2 |
|
| 10 |
| url |
VCID-9rsx-fscb-6fh3 |
| vulnerability_id |
VCID-9rsx-fscb-6fh3 |
| summary |
Symfony Unsafe Cache Serialization Could Enable RCE
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18889 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85482 |
| published_at |
2026-04-08T12:55:00Z |
|
| 1 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85523 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85499 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85503 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85504 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.8549 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85426 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85438 |
| published_at |
2026-04-02T12:55:00Z |
|
| 8 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85458 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.02554 |
| scoring_system |
epss |
| scoring_elements |
0.85461 |
| published_at |
2026-04-07T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18889 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.0 |
| purl |
pkg:composer/symfony/symfony@3.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 15 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 16 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 25 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2019-18889, GHSA-79gr-58r3-pwm3
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9rsx-fscb-6fh3 |
|
| 11 |
| url |
VCID-bdhj-np35-sybt |
| vulnerability_id |
VCID-bdhj-np35-sybt |
| summary |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83967 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84016 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.8401 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83986 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.83982 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84045 |
| published_at |
2026-04-16T12:55:00Z |
|
| 6 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84021 |
| published_at |
2026-04-13T12:55:00Z |
|
| 7 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84025 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.02089 |
| scoring_system |
epss |
| scoring_elements |
0.84032 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-46734 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt |
|
| 12 |
| url |
VCID-bhfu-7788-fbhc |
| vulnerability_id |
VCID-bhfu-7788-fbhc |
| summary |
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94921 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94938 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.9493 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94928 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94926 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94895 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94904 |
| published_at |
2026-04-02T12:55:00Z |
|
| 7 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94906 |
| published_at |
2026-04-04T12:55:00Z |
|
| 8 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94908 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.16652 |
| scoring_system |
epss |
| scoring_elements |
0.94917 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14773 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.18 |
| purl |
pkg:composer/symfony/symfony@3.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.14 |
| purl |
pkg:composer/symfony/symfony@3.4.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 15 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 16 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 17 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 18 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.14 |
| purl |
pkg:composer/symfony/symfony@4.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 8 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 9 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 15 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 16 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 17 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 18 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 19 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 20 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 21 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bhfu-7788-fbhc |
|
| 13 |
| url |
VCID-bpkv-qrmp-huac |
| vulnerability_id |
VCID-bpkv-qrmp-huac |
| summary |
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10911 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00272 |
| scoring_system |
epss |
| scoring_elements |
0.50704 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51722 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51739 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51761 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51625 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51676 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51701 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51661 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51712 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00283 |
| scoring_system |
epss |
| scoring_elements |
0.51716 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10911 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 5 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 1 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 2 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 3 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 4 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 5 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 6 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 7 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 8 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 9 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 10 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 11 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 12 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 13 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 14 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 15 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10911, GHSA-cchx-mfrc-fwqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bpkv-qrmp-huac |
|
| 14 |
| url |
VCID-c8ar-82sr-fqej |
| vulnerability_id |
VCID-c8ar-82sr-fqej |
| summary |
Symfony has an incorrect response from Validator when input ends with `\n`
### Description
It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter, with an input ending with `\n`.
### Resolution
Symfony now uses the `D` regex modifier to match the entire input.
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4.
### Credits
We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.4785 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47934 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.4788 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47871 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47893 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47869 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47874 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47821 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00246 |
| scoring_system |
epss |
| scoring_elements |
0.47872 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-50343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://symfony.com/cve-2024-50343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50343 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ar-82sr-fqej |
|
| 15 |
| url |
VCID-dqaj-qmbd-cya1 |
| vulnerability_id |
VCID-dqaj-qmbd-cya1 |
| summary |
Improper Authentication
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11407 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00141 |
| scoring_system |
epss |
| scoring_elements |
0.34295 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.00141 |
| scoring_system |
epss |
| scoring_elements |
0.34335 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00141 |
| scoring_system |
epss |
| scoring_elements |
0.34307 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00141 |
| scoring_system |
epss |
| scoring_elements |
0.34271 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40563 |
| published_at |
2026-04-01T12:55:00Z |
|
| 5 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40653 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40643 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40593 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40673 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40644 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11407 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11407 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11407 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.7 |
| purl |
pkg:composer/symfony/symfony@3.4.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 11 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 12 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 13 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 14 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 15 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 16 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 17 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 18 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 19 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 20 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 21 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 22 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 23 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 24 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.7 |
| purl |
pkg:composer/symfony/symfony@4.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 16 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 17 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 18 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 19 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 20 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 21 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 22 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 23 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 24 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 25 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7 |
|
|
| aliases |
CVE-2018-11407, GHSA-35c5-28pg-2qg4
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dqaj-qmbd-cya1 |
|
| 16 |
| url |
VCID-e71e-d4tr-wqgz |
| vulnerability_id |
VCID-e71e-d4tr-wqgz |
| summary |
Prevent user enumeration using Guard or the new Authenticator-based Security
Description
-----------
The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.
Resolution
----------
We now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.
Credits
-------
I would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-21424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50055 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50112 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50068 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50072 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50098 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50081 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50017 |
| published_at |
2026-04-01T12:55:00Z |
|
| 7 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50088 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50033 |
| published_at |
2026-04-07T12:55:00Z |
|
| 9 |
| value |
0.00266 |
| scoring_system |
epss |
| scoring_elements |
0.50083 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-21424 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-21424, GHSA-5pv8-ppvj-4h68
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e71e-d4tr-wqgz |
|
| 17 |
| url |
VCID-guzg-x6nu-pygu |
| vulnerability_id |
VCID-guzg-x6nu-pygu |
| summary |
Symfony Http-Kernel has non-constant time comparison in UriSigner
When checking the signature of a URI (an ESI fragment URL for instance), the UriSigner did not use a constant-time string comparison function, resulting in a potential remote timing attack vulnerability. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18887 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74208 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74292 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74255 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74262 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74281 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7426 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74245 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74212 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.7424 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00813 |
| scoring_system |
epss |
| scoring_elements |
0.74213 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18887 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18887, GHSA-q8hg-pf8v-cxrv
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-guzg-x6nu-pygu |
|
| 18 |
| url |
VCID-jdsd-3vnz-uygn |
| vulnerability_id |
VCID-jdsd-3vnz-uygn |
| summary |
Argument injection in a MimeTypeGuesser in Symfony
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84766 |
| published_at |
2026-04-13T12:55:00Z |
|
| 1 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84787 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84693 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84708 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84728 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84729 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84751 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84758 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84776 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.0231 |
| scoring_system |
epss |
| scoring_elements |
0.84772 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18888 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-18888, GHSA-xhh6-956q-4q69
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jdsd-3vnz-uygn |
|
| 19 |
| url |
VCID-k8zb-z9em-vqgm |
| vulnerability_id |
VCID-k8zb-z9em-vqgm |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.5385 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.5397 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53933 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.5395 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53967 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.5392 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53922 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.5387 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53896 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.00307 |
| scoring_system |
epss |
| scoring_elements |
0.53867 |
| published_at |
2026-04-02T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-11408 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| reference_url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11408 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.8 |
| scoring_system |
cvssv2 |
| scoring_elements |
AV:N/AC:M/Au:N/C:P/I:P/A:N |
|
| 1 |
| value |
6.1 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 2 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://nvd.nist.gov/vuln/detail/CVE-2018-11408 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.3.17 |
| purl |
pkg:composer/symfony/symfony@3.3.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 19 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 20 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 21 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 22 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 24 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 25 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 26 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.4.11 |
| purl |
pkg:composer/symfony/symfony@3.4.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 14 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 15 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 16 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 17 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 18 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 19 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 20 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.0.11 |
| purl |
pkg:composer/symfony/symfony@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 2 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 3 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 4 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 5 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 6 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 10 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 11 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 12 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 13 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 21 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11 |
|
|
| aliases |
CVE-2018-11408, GHSA-7hwc-2cq4-6x2w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8zb-z9em-vqgm |
|
| 20 |
| url |
VCID-kgu6-gj5d-7bfx |
| vulnerability_id |
VCID-kgu6-gj5d-7bfx |
| summary |
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
### Summary
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.
This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.
### Impact
If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive.
The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration).
### Resolution
Upgrade to a Symfony release that includes the fix from symfony/symfony#63164 (which updates Windows argument escaping to ensure arguments containing = and other MSYS2-sensitive characters are properly quoted/escaped).
The patch for branch 5.4 is available at https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b
### Workarounds / Mitigations
Avoid running PHP/your tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables.
Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2.
Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24739 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00719 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
8e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00716 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00895 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00894 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00899 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00911 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00913 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.0091 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
9e-05 |
| scoring_system |
epss |
| scoring_elements |
0.00892 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-24739 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgu6-gj5d-7bfx |
|
| 21 |
| url |
VCID-p1dw-w76f-gbfv |
| vulnerability_id |
VCID-p1dw-w76f-gbfv |
| summary |
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14662 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.01842 |
| scoring_system |
epss |
| scoring_elements |
0.82999 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83544 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.0197 |
| scoring_system |
epss |
| scoring_elements |
0.83538 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.02482 |
| scoring_system |
epss |
| scoring_elements |
0.85295 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88321 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88316 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88296 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.03928 |
| scoring_system |
epss |
| scoring_elements |
0.88291 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-64500 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-w76f-gbfv |
|
| 22 |
| url |
VCID-qwcj-hq3g-2qd7 |
| vulnerability_id |
VCID-qwcj-hq3g-2qd7 |
| summary |
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in forms when not explicitly enabled, which makes the application susceptible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23601 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38797 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.3878 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38735 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38762 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38798 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38787 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38726 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00173 |
| scoring_system |
epss |
| scoring_elements |
0.38775 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-23601 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcj-hq3g-2qd7 |
|
| 23 |
| url |
VCID-rgh3-ef8t-k3ec |
| vulnerability_id |
VCID-rgh3-ef8t-k3ec |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40689 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40678 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40634 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40653 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40688 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.4067 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.4061 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00188 |
| scoring_system |
epss |
| scoring_elements |
0.40661 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24894 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rgh3-ef8t-k3ec |
|
| 24 |
| url |
VCID-skth-cf6d-3ubr |
| vulnerability_id |
VCID-skth-cf6d-3ubr |
| summary |
Cross-site Scripting
The debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op=get` URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66206 |
| published_at |
2026-04-16T12:55:00Z |
|
| 1 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.6617 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66097 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66138 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66165 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66133 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66182 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66195 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66214 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00504 |
| scoring_system |
epss |
| scoring_elements |
0.66201 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-18343 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.2.13 |
| purl |
pkg:composer/symfony/symfony@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-hxhq-zdyu-dudz |
|
| 19 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 20 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 21 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 22 |
| vulnerability |
VCID-mm7e-kb6c-vucx |
|
| 23 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 24 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 25 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 26 |
| vulnerability |
VCID-t2dx-5us4-mkf1 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 29 |
| vulnerability |
VCID-vpsz-zhhq-xfbw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@3.3.6 |
| purl |
pkg:composer/symfony/symfony@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-27sw-43vt-ukh3 |
|
| 1 |
| vulnerability |
VCID-2hua-7wbd-tqbx |
|
| 2 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 3 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 4 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 5 |
| vulnerability |
VCID-556v-rym3-6yax |
|
| 6 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 7 |
| vulnerability |
VCID-71vh-7wte-kfcx |
|
| 8 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 9 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 10 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 11 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 12 |
| vulnerability |
VCID-bhfu-7788-fbhc |
|
| 13 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 14 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 15 |
| vulnerability |
VCID-dqaj-qmbd-cya1 |
|
| 16 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 17 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 18 |
| vulnerability |
VCID-hxhq-zdyu-dudz |
|
| 19 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 20 |
| vulnerability |
VCID-k8zb-z9em-vqgm |
|
| 21 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 22 |
| vulnerability |
VCID-mm7e-kb6c-vucx |
|
| 23 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 24 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 25 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 26 |
| vulnerability |
VCID-t2dx-5us4-mkf1 |
|
| 27 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 28 |
| vulnerability |
VCID-v81g-hqja-hue2 |
|
| 29 |
| vulnerability |
VCID-vpsz-zhhq-xfbw |
|
| 30 |
| vulnerability |
VCID-z2r1-8bdp-w7f5 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6 |
|
|
| aliases |
CVE-2017-18343
|
| risk_score |
2.8 |
| exploitability |
0.5 |
| weighted_severity |
5.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-skth-cf6d-3ubr |
|
| 25 |
| url |
VCID-thtp-ehsj-t3ej |
| vulnerability_id |
VCID-thtp-ehsj-t3ej |
| summary |
Duplicate
This advisory duplicates another. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05621 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05639 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05684 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0569 |
| published_at |
2026-04-12T12:55:00Z |
|
| 4 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05697 |
| published_at |
2026-04-11T12:55:00Z |
|
| 5 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05718 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05691 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.05653 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00021 |
| scoring_system |
epss |
| scoring_elements |
0.0566 |
| published_at |
2026-04-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-24895 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-thtp-ehsj-t3ej |
|
| 26 |
| url |
VCID-v81g-hqja-hue2 |
| vulnerability_id |
VCID-v81g-hqja-hue2 |
| summary |
URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19790 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63423 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63542 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63525 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63473 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63509 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63483 |
| published_at |
2026-04-02T12:55:00Z |
|
| 6 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63545 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63543 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00447 |
| scoring_system |
epss |
| scoring_elements |
0.63559 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-19790 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@3.4.20 |
| purl |
pkg:composer/symfony/symfony@3.4.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 7 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 8 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 9 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 10 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 11 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 12 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 13 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 14 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 15 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 16 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.0.15 |
| purl |
pkg:composer/symfony/symfony@4.0.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 7 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 8 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 9 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 10 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 11 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 12 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 13 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 14 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 15 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 16 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 17 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15 |
|
| 2 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 3 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3uu1-kftu-nbhd |
|
| 1 |
| vulnerability |
VCID-4mkw-tv16-jyca |
|
| 2 |
| vulnerability |
VCID-4num-z8cg-83gt |
|
| 3 |
| vulnerability |
VCID-636u-5bdw-puh4 |
|
| 4 |
| vulnerability |
VCID-7sm1-74du-47gc |
|
| 5 |
| vulnerability |
VCID-9bzz-84cq-ykh2 |
|
| 6 |
| vulnerability |
VCID-9qrr-z4mp-vyfp |
|
| 7 |
| vulnerability |
VCID-9rsx-fscb-6fh3 |
|
| 8 |
| vulnerability |
VCID-bdhj-np35-sybt |
|
| 9 |
| vulnerability |
VCID-bpkv-qrmp-huac |
|
| 10 |
| vulnerability |
VCID-c8ar-82sr-fqej |
|
| 11 |
| vulnerability |
VCID-e71e-d4tr-wqgz |
|
| 12 |
| vulnerability |
VCID-guzg-x6nu-pygu |
|
| 13 |
| vulnerability |
VCID-j2su-wjra-tbh1 |
|
| 14 |
| vulnerability |
VCID-jdsd-3vnz-uygn |
|
| 15 |
| vulnerability |
VCID-kgu6-gj5d-7bfx |
|
| 16 |
| vulnerability |
VCID-p1dw-w76f-gbfv |
|
| 17 |
| vulnerability |
VCID-qwcj-hq3g-2qd7 |
|
| 18 |
| vulnerability |
VCID-rgh3-ef8t-k3ec |
|
| 19 |
| vulnerability |
VCID-thtp-ehsj-t3ej |
|
| 20 |
| vulnerability |
VCID-wd9z-d4h5-hkax |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19790, GHSA-89r2-5g34-2g47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v81g-hqja-hue2 |
|