{"url":"http://public2.vulnerablecode.io/api/packages/196811?format=json","purl":"pkg:composer/symfony/symfony@2.0.15","type":"composer","namespace":"symfony","name":"symfony","version":"2.0.15","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.51","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42234?format=json","vulnerability_id":"VCID-15tu-dfam-yqgh","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38571","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60330?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/60331?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37724?format=json","vulnerability_id":"VCID-2kf8-ugvv-tbb8","summary":"Code Injection\nCode injection in the way Symfony implements translation caching in FrameworkBundle.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"},{"reference_url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h","reference_id":"GHSA-wfv7-5x33-v22h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52295?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51932?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199341?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-4931","GHSA-wfv7-5x33-v22h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kf8-ugvv-tbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52037?format=json","vulnerability_id":"VCID-37et-21qw-skd7","summary":"Improper Input Validation\nIf an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85085","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76251?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/76252?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/76253?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/76248?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40103?format=json","vulnerability_id":"VCID-3qct-gbgt-kkbb","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66533","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66573","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56128?format=json","purl":"pkg:composer/symfony/symfony@2.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33"},{"url":"http://public2.vulnerablecode.io/api/packages/56129?format=json","purl":"pkg:composer/symfony/symfony@2.8.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26"},{"url":"http://public2.vulnerablecode.io/api/packages/55844?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56130?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qct-gbgt-kkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55111?format=json","vulnerability_id":"VCID-475f-pyhf-7yab","summary":"Symfony XML Entity Expansion security vulnerability\nSymfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean \"No Entities\"). In addition, libxml2's innate defense against the related Exponential or Billion Laugh's XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). No instances of these two options were noted, but it's worth referencing for the future.\n\nConsider this (non-fatal) example:","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md"},{"reference_url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-17-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-17-released"},{"reference_url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942","reference_id":"GHSA-q2gc-gg3x-7942","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51290?format=json","purl":"pkg:composer/symfony/symfony@2.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-86ct-zv8d-d3eb"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hkyw-trsd-g3d2"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-p747-wvpw-r3fx"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-va3n-eg8b-guff"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17"}],"aliases":["GHSA-q2gc-gg3x-7942"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-475f-pyhf-7yab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46379?format=json","vulnerability_id":"VCID-4f9e-eg67-cqbr","summary":"Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85886","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"CVE-2023-46734.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67682?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/67676?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/67677?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/687204?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37838?format=json","vulnerability_id":"VCID-5pmg-t1rb-wbd4","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52240?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/199330?format=json","purl":"pkg:composer/symfony/symfony@2.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/52241?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/200885?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/52242?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pmg-t1rb-wbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37476?format=json","vulnerability_id":"VCID-86ct-zv8d-d3eb","summary":"Routes behind a firewall are accessible even when not logged in\nSymfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44616","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44686","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496"},{"reference_url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51331?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"}],"aliases":["CVE-2012-6431","GHSA-83c3-qx27-2rwr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86ct-zv8d-d3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37477?format=json","vulnerability_id":"VCID-8bg3-r2zm-kfht","summary":"Code Injection\nSymfony, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a `/_internal` substring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6432","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62864","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62907","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6432"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6432.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6432.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6432","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6432"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51347?format=json","purl":"pkg:composer/symfony/symfony@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/51348?format=json","purl":"pkg:composer/symfony/symfony@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.5"}],"aliases":["CVE-2012-6432","GHSA-89cp-fvcc-hxh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bg3-r2zm-kfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44350?format=json","vulnerability_id":"VCID-91hk-tdtv-x7fp","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39683","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39597","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63770?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63771?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63772?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/634333?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63773?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/634345?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63774?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48354?format=json","vulnerability_id":"VCID-bhnt-pgq7-yya3","summary":"Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91125","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71371?format=json","purl":"pkg:composer/symfony/symfony@5.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/71372?format=json","purl":"pkg:composer/symfony/symfony@6.4.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/71373?format=json","purl":"pkg:composer/symfony/symfony@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/897796?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37740?format=json","vulnerability_id":"VCID-bktf-ejbt-2fds","summary":"Cross-Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in the Web Profiler.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02"},{"reference_url":"https://github.com/symfony/symfony/pull/11832","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11832"},{"reference_url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36"},{"reference_url":"https://symfony.com/cve-2014-6072","reference_id":"CVE-2014-6072","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6072"},{"reference_url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw","reference_id":"GHSA-v35g-4rrw-h4fw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52295?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51932?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199341?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6072","GHSA-v35g-4rrw-h4fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bktf-ejbt-2fds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37702?format=json","vulnerability_id":"VCID-bvc9-d1ns-33g6","summary":"Code Injection\nThe `Yaml::parse` function in Symfony allows remote attackers to execute arbitrary PHP code via a PHP file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1348","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70411","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1348"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81550","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81550"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1348.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1348.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ac756bf39e646b4e130fad058d10a0228dbd9779"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1348","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1348"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150612022223/http://www.securityfocus.com/bid/57574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51883?format=json","purl":"pkg:composer/symfony/symfony@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22"}],"aliases":["CVE-2013-1348","GHSA-2r5h-6r7v-5m7c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvc9-d1ns-33g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44352?format=json","vulnerability_id":"VCID-c3qr-9rv2-yqh9","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06125","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06099","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63770?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63771?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63772?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/634333?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63773?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/634345?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63774?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=json","vulnerability_id":"VCID-ef86-hqv4-6kaz","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39996","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39914","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37566?format=json","vulnerability_id":"VCID-emn6-zmp1-yuhr","summary":"Information Exporure\n`Request::getHost()` poisoning vulnerability in Symfony.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76479","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.7645","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752"},{"reference_url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715"},{"reference_url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp","reference_id":"GHSA-22pv-7v9j-hqxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51543?format=json","purl":"pkg:composer/symfony/symfony@2.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/51544?format=json","purl":"pkg:composer/symfony/symfony@2.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51545?format=json","purl":"pkg:composer/symfony/symfony@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51546?format=json","purl":"pkg:composer/symfony/symfony@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3"}],"aliases":["CVE-2013-4752","GHSA-22pv-7v9j-hqxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emn6-zmp1-yuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49869?format=json","vulnerability_id":"VCID-f2w1-nvm5-rub3","summary":"Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01637","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"CVE-2026-24739","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73701?format=json","purl":"pkg:composer/symfony/symfony@5.4.51","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/73702?format=json","purl":"pkg:composer/symfony/symfony@6.4.33","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/73703?format=json","purl":"pkg:composer/symfony/symfony@7.3.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/897796?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/73704?format=json","purl":"pkg:composer/symfony/symfony@7.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/515395?format=json","purl":"pkg:composer/symfony/symfony@8.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/73705?format=json","purl":"pkg:composer/symfony/symfony@8.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2w1-nvm5-rub3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43407?format=json","vulnerability_id":"VCID-f39p-q1k7-kfgt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_allow list] parameters to system/preferences.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5091","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.50972","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/60","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/60"},{"reference_url":"https://github.com/symphonycms/symphony-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2"},{"reference_url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getsymphony.com/download/releases/version/2.6.4"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getsymphony.com/download/releases/version/2.6.4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766","reference_id":"CVE-2015-8766","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766"},{"reference_url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html","reference_id":"CVE-2015-8766-GETSYMPHONEY.HTML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"},{"reference_url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3","reference_id":"GHSA-4c5w-qqfg-grf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62231?format=json","purl":"pkg:composer/symfony/symfony@2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.4"}],"aliases":["CVE-2015-8766","GHSA-4c5w-qqfg-grf3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f39p-q1k7-kfgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55096?format=json","vulnerability_id":"VCID-hkyw-trsd-g3d2","summary":"Symfony2 improper IP based access control\nDamien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()).\n\nAn application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.\n\nTo fix this security issue, the following changes have been made to all versions of Symfony2:\n\nA new Request::setTrustedProxies() method has been introduced and should be used intead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:\n```\n// before (probably in your front controller script)\nRequest::trustProxyData();\n```\n```\n// after\nRequest::setTrustedProxies(array('1.1.1.1'));\n// 1.1.1.1 being the IP address of a trusted reverse proxy\n```\nThe Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):\n```\nRequest::trustProxyData();\n```\n```\n// is equivalent to\nRequest::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));\n```\nWe encourage all Symfony2 users to upgrade as soon as possible. It you don't want to upgrade to the latest version yet, you can also apply the following patches:\n\n[Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19\n[Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-11-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-11-29.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/922c2015f61a7205180d423dce1f7365cc2d8460","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/922c2015f61a7205180d423dce1f7365cc2d8460"},{"reference_url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"},{"reference_url":"https://github.com/advisories/GHSA-hx53-jchx-cr52","reference_id":"GHSA-hx53-jchx-cr52","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hx53-jchx-cr52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51331?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["GHSA-hx53-jchx-cr52"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkyw-trsd-g3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37741?format=json","vulnerability_id":"VCID-hs5u-r1jg-tub5","summary":"Improper Access Control\nDirect access of ESI URLs behind a trusted proxy.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5"},{"reference_url":"https://github.com/symfony/symfony/pull/11831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11831"},{"reference_url":"https://symfony.com/cve-2014-5245","reference_id":"CVE-2014-5245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5245"},{"reference_url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm","reference_id":"GHSA-wvjv-p5rr-mmqm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52295?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51932?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199341?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5245","GHSA-wvjv-p5rr-mmqm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5u-r1jg-tub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37453?format=json","vulnerability_id":"VCID-kysh-mfs1-3fad","summary":"Improper Restriction of XML External Entity Reference\nSecurity fixes related to the way XML is handled.","references":[{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-17-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/security-release-symfony-2-0-17-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51290?format=json","purl":"pkg:composer/symfony/symfony@2.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-86ct-zv8d-d3eb"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hkyw-trsd-g3d2"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-p747-wvpw-r3fx"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-va3n-eg8b-guff"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/196813?format=json","purl":"pkg:composer/symfony/symfony@2.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1"}],"aliases":["GMS-2012-13"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kysh-mfs1-3fad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111426?format=json","vulnerability_id":"VCID-n7gh-k1gc-5fb8","summary":"Symfony Arbitrary PHP code Execution\nSymfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\\Parser::parse function, a different vulnerability than CVE-2013-1348.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70411","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g","reference_id":"GHSA-7w53-hfpw-rg3g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51883?format=json","purl":"pkg:composer/symfony/symfony@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/152488?format=json","purl":"pkg:composer/symfony/symfony@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/152486?format=json","purl":"pkg:composer/symfony/symfony@2.2.0-BETA2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0-BETA2"}],"aliases":["CVE-2013-1397","GHSA-7w53-hfpw-rg3g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7gh-k1gc-5fb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39968?format=json","vulnerability_id":"VCID-nsuz-7sdv-abef","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.7827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37742?format=json","vulnerability_id":"VCID-p131-pv18-ykht","summary":"Improper Authorization\nSecurity issue when parsing the Authorization header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904"},{"reference_url":"https://github.com/symfony/symfony/pull/11829","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11829"},{"reference_url":"https://symfony.com/cve-2014-6061","reference_id":"CVE-2014-6061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6061"},{"reference_url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829","reference_id":"GHSA-h7v2-2qwg-h829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52295?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51932?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199341?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6061","GHSA-h7v2-2qwg-h829"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p131-pv18-ykht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55112?format=json","vulnerability_id":"VCID-p747-wvpw-r3fx","summary":"Symfony2 security issue when the trust proxy mode is enabled\nAn application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.\n\nTo fix this security issue, the following changes have been made to all versions of Symfony2:\n\nA new Request::setTrustedProxies() method has been introduced and should be used intead of Request::trustProxyData() to enable the trust proxy mode. It takes an array of trusted proxy IP addresses as its argument:\n```\n// before (probably in your front controller script)\nRequest::trustProxyData();\n\n// after\nRequest::setTrustedProxies(array('1.1.1.1'));\n// 1.1.1.1 being the IP address of a trusted reverse proxy\n```\nThe Request::trustProxyData() method has been deprecated (when used, it automatically trusts the latest proxy in the chain -- which is the current remote address):\n```\nRequest::trustProxyData();\n\n// is equivalent to\nRequest::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));\n```\nWe encourage all Symfony2 users to upgrade as soon as possible. It you don't want to upgrade to the latest version yet, you can also apply the following patches:\n\n- [Patch](https://github.com/symfony/symfony/compare/fc89d6b...9ce892c.patch) for Symfony 2.0.19\n- [Patch](https://github.com/symfony/symfony/compare/922c201...e5536f0.patch) for Symfony 2.1.4","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml"},{"reference_url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34"},{"reference_url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35"},{"reference_url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b"},{"reference_url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"},{"reference_url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww","reference_id":"GHSA-vfm6-r2gc-pwww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51331?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["GHSA-vfm6-r2gc-pwww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p747-wvpw-r3fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56133?format=json","vulnerability_id":"VCID-pj86-ync3-gyan","summary":"Symfony has an incorrect response from Validator when input ends with `\\n`\nIt is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48109","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"CVE-2024-50343","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"CVE-2024-50343","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"CVE-2024-50343.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"CVE-2024-50343.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83178?format=json","purl":"pkg:composer/symfony/symfony@5.4.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/83179?format=json","purl":"pkg:composer/symfony/symfony@6.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/83180?format=json","purl":"pkg:composer/symfony/symfony@7.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj86-ync3-gyan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37743?format=json","vulnerability_id":"VCID-pxwk-7vcf-m7f5","summary":"Uncontrolled Resource Consumption\nDenial of service with a malicious HTTP Host header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8"},{"reference_url":"https://github.com/symfony/symfony/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11828"},{"reference_url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header"},{"reference_url":"https://symfony.com/cve-2014-5244","reference_id":"CVE-2014-5244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5244"},{"reference_url":"https://github.com/advisories/GHSA-v77v-x634-9m56","reference_id":"GHSA-v77v-x634-9m56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v77v-x634-9m56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52295?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51932?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199341?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5244","GHSA-v77v-x634-9m56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxwk-7vcf-m7f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40154?format=json","vulnerability_id":"VCID-qqd1-smb1-sbe8","summary":"URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95057","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56279?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/56269?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/56280?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/56270?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56271?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56272?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37785?format=json","vulnerability_id":"VCID-rkap-39hu-abe9","summary":"Uncontrolled Resource Consumption\nThe Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65144","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/symfony/polyfill/pull/155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/polyfill/pull/155"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/issues/11522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/issues/11522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52106?format=json","purl":"pkg:composer/symfony/symfony@2.0.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.25"},{"url":"http://public2.vulnerablecode.io/api/packages/52107?format=json","purl":"pkg:composer/symfony/symfony@2.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52108?format=json","purl":"pkg:composer/symfony/symfony@2.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52109?format=json","purl":"pkg:composer/symfony/symfony@2.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.6"}],"aliases":["CVE-2013-5958","GHSA-cr49-fx2v-9p57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkap-39hu-abe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37469?format=json","vulnerability_id":"VCID-va3n-eg8b-guff","summary":"Information Exposure\nRequest::getClientIp() when the trust proxy mode is enabled.","references":[{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51331?format=json","purl":"pkg:composer/symfony/symfony@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-bvc9-d1ns-33g6"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/196813?format=json","purl":"pkg:composer/symfony/symfony@2.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51332?format=json","purl":"pkg:composer/symfony/symfony@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-8bg3-r2zm-kfht"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-emn6-zmp1-yuhr"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-n7gh-k1gc-5fb8"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-x999-2wb8-s3ec"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.4"}],"aliases":["GMS-2012-14"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-va3n-eg8b-guff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=json","vulnerability_id":"VCID-vyug-krcw-jyef","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76117","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37867?format=json","vulnerability_id":"VCID-wdz4-hfer-1ud1","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6811","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52240?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/52241?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52242?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdz4-hfer-1ud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38131?format=json","vulnerability_id":"VCID-x4nv-gvag-7qf2","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81062","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81034","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52729?format=json","purl":"pkg:composer/symfony/symfony@2.3.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.41"},{"url":"http://public2.vulnerablecode.io/api/packages/52730?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52731?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52732?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4nv-gvag-7qf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51971?format=json","vulnerability_id":"VCID-x999-2wb8-s3ec","summary":"Improper Input Validation\n`php-symfony2-Validator` suffers from a loss of information during serialization.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114380.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114436.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68872","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68912","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4751"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86364","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86364"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4751.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2013-4751.yaml"},{"reference_url":"https://github.com/symfony/validator","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/validator"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4751","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4751"},{"reference_url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228181137/http://www.securityfocus.com/bid/61709"},{"reference_url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://github.com/advisories/GHSA-q8j7-fjh7-25v5","reference_id":"GHSA-q8j7-fjh7-25v5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8j7-fjh7-25v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51543?format=json","purl":"pkg:composer/symfony/symfony@2.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/51544?format=json","purl":"pkg:composer/symfony/symfony@2.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51545?format=json","purl":"pkg:composer/symfony/symfony@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/51546?format=json","purl":"pkg:composer/symfony/symfony@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-2kf8-ugvv-tbb8"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-bktf-ejbt-2fds"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-f2w1-nvm5-rub3"},{"vulnerability":"VCID-f39p-q1k7-kfgt"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-hs5u-r1jg-tub5"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p131-pv18-ykht"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-pxwk-7vcf-m7f5"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-rkap-39hu-abe9"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.3"}],"aliases":["CVE-2013-4751","GHSA-q8j7-fjh7-25v5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x999-2wb8-s3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56123?format=json","vulnerability_id":"VCID-yetr-unnz-gbhn","summary":"Symfony vulnerable to command execution hijack on Windows with Process class\nOn Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"CVE-2024-51736","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"CVE-2024-51736","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"CVE-2024-51736.YAML","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"CVE-2024-51736.YAML","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83126?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83127?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83128?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/777701?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yetr-unnz-gbhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56130?format=json","vulnerability_id":"VCID-zgxf-qxwu-pqf9","summary":"Symfony vulnerable to open redirect via browser-sanitized URLs\nThe `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"CVE-2024-50345","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"CVE-2024-50345","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"CVE-2024-50345.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"CVE-2024-50345.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83126?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83127?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-f2w1-nvm5-rub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83128?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/777701?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.15"}