Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/http-foundation@2.0.13

Type composer

Namespace symfony

Name http-foundation

Version 2.0.13

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.8.52

Latest_non_vulnerable_version 7.3.7

Affected_by_vulnerabilities

url VCID-37et-21qw-skd7

vulnerability_id VCID-37et-21qw-skd7

summary

Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_id

reference_type

scores

value	0.0231
scoring_system	epss
scoring_elements	0.85061
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18888

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml

reference_url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18888

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18888

reference_url

https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser

reference_url

https://symfony.com/blog/symfony-4-3-8-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/symfony-4-3-8-released

reference_url

https://symfony.com/cve-2019-18888

reference_id

CVE-2019-18888

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18888

fixed_packages

url	pkg:composer/symfony/http-foundation@2.8.52
purl	pkg:composer/symfony/http-foundation@2.8.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52

url	pkg:composer/symfony/http-foundation@3.4.35
purl	pkg:composer/symfony/http-foundation@3.4.35
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35

url	pkg:composer/symfony/http-foundation@4.2.12
purl	pkg:composer/symfony/http-foundation@4.2.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12

url	pkg:composer/symfony/http-foundation@4.3.8
purl	pkg:composer/symfony/http-foundation@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8

aliases CVE-2019-18888, GHSA-xhh6-956q-4q69

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7

url VCID-5pmg-t1rb-wbd4

vulnerability_id VCID-5pmg-t1rb-wbd4

summary

Unsafe methods in the Request class
The `Symfony\Component\HttpFoundation\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a "non-trusted" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml

reference_url

https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84

reference_url

https://github.com/symfony/symfony/pull/14166

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/14166

reference_url

https://symfony.com/cve-2015-2309

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2015-2309

reference_url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class
reference_id	CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS
reference_type
scores
url	http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class

fixed_packages

url pkg:composer/symfony/http-foundation@2.3.27

purl pkg:composer/symfony/http-foundation@2.3.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27

url pkg:composer/symfony/http-foundation@2.3.29

purl pkg:composer/symfony/http-foundation@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.29

url pkg:composer/symfony/http-foundation@2.5.11

purl pkg:composer/symfony/http-foundation@2.5.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

url pkg:composer/symfony/http-foundation@2.6.6

purl pkg:composer/symfony/http-foundation@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6

url pkg:composer/symfony/http-foundation@2.6.8

purl pkg:composer/symfony/http-foundation@2.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8

aliases CVE-2015-2309, GHSA-p684-f7fh-jv2j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pmg-t1rb-wbd4

url VCID-86ct-zv8d-d3eb

vulnerability_id VCID-86ct-zv8d-d3eb

summary

Routes behind a firewall are accessible even when not logged in
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44616
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml

reference_url

https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496

reference_url

https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6431

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6431

reference_url

https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_url

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.19

purl pkg:composer/symfony/http-foundation@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-emn6-zmp1-yuhr

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19

aliases CVE-2012-6431, GHSA-83c3-qx27-2rwr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86ct-zv8d-d3eb

url VCID-emn6-zmp1-yuhr

vulnerability_id VCID-emn6-zmp1-yuhr

summary

Information Exporure
`Request::getHost()` poisoning vulnerability in Symfony.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4752

reference_id

reference_type

scores

value	0.00928
scoring_system	epss
scoring_elements	0.7645
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4752

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86365

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86365

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86366

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86366

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86367

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86367

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86368

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86368

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86369

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86369

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86370

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86370

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86371

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86371

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86372

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86372

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86373

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86373

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86374

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/86374

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4752

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4752

reference_url

https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

reference_url

https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715

reference_url

http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.24

purl pkg:composer/symfony/http-foundation@2.0.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.24

url pkg:composer/symfony/http-foundation@2.1.12

purl pkg:composer/symfony/http-foundation@2.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.12

url pkg:composer/symfony/http-foundation@2.2.5

purl pkg:composer/symfony/http-foundation@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.5

url pkg:composer/symfony/http-foundation@2.3.3

purl pkg:composer/symfony/http-foundation@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.3

aliases CVE-2013-4752, GHSA-22pv-7v9j-hqxp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emn6-zmp1-yuhr

url VCID-g6jv-2k1h-1be9

vulnerability_id VCID-g6jv-2k1h-1be9

summary

Information Exposure
`Request::getClientIp()` gives access to client IP when the trust proxy mode is enabled.

references

reference_url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4
reference_id
reference_type
scores
url	https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4

fixed_packages

url pkg:composer/symfony/http-foundation@2.0.19

purl pkg:composer/symfony/http-foundation@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-emn6-zmp1-yuhr

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19

url pkg:composer/symfony/http-foundation@2.0.20

purl pkg:composer/symfony/http-foundation@2.0.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-emn6-zmp1-yuhr

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.20

url pkg:composer/symfony/http-foundation@2.1.4

purl pkg:composer/symfony/http-foundation@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-emn6-zmp1-yuhr

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.4

url pkg:composer/symfony/http-foundation@2.1.5

purl pkg:composer/symfony/http-foundation@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-emn6-zmp1-yuhr

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-p131-pv18-ykht

vulnerability	VCID-pxwk-7vcf-m7f5

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.5

aliases GMS-2012-9

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6jv-2k1h-1be9

url VCID-nsuz-7sdv-abef

vulnerability_id VCID-nsuz-7sdv-abef

summary

Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11386

reference_id

reference_type

scores

value	0.01086
scoring_system	epss
scoring_elements	0.78244
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11386

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11386

reference_url

https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url

https://symfony.com/cve-2018-11386

reference_id

CVE-2018-11386

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-11386

fixed_packages

url pkg:composer/symfony/http-foundation@2.7.48

purl pkg:composer/symfony/http-foundation@2.7.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.48

url pkg:composer/symfony/http-foundation@2.8.41

purl pkg:composer/symfony/http-foundation@2.8.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41

url pkg:composer/symfony/http-foundation@3.3.17

purl pkg:composer/symfony/http-foundation@3.3.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17

url pkg:composer/symfony/http-foundation@3.4.11

purl pkg:composer/symfony/http-foundation@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11

url pkg:composer/symfony/http-foundation@4.0.11

purl pkg:composer/symfony/http-foundation@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11

aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef

url VCID-p131-pv18-ykht

vulnerability_id VCID-p131-pv18-ykht

summary

Improper Authorization
Security issue when parsing the Authorization header.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml

reference_url

https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904

reference_url

https://github.com/symfony/symfony/pull/11829

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/11829

reference_url

https://symfony.com/cve-2014-6061

reference_id

CVE-2014-6061

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2014-6061

fixed_packages

url pkg:composer/symfony/http-foundation@2.3.19

purl pkg:composer/symfony/http-foundation@2.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19

url pkg:composer/symfony/http-foundation@2.4.9

purl pkg:composer/symfony/http-foundation@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9

url pkg:composer/symfony/http-foundation@2.5.0-BETA1

purl pkg:composer/symfony/http-foundation@2.5.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1

url pkg:composer/symfony/http-foundation@2.5.4

purl pkg:composer/symfony/http-foundation@2.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4

url pkg:composer/symfony/http-foundation@2.5.11

purl pkg:composer/symfony/http-foundation@2.5.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

aliases CVE-2014-6061, GHSA-h7v2-2qwg-h829

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p131-pv18-ykht

url VCID-pxwk-7vcf-m7f5

vulnerability_id VCID-pxwk-7vcf-m7f5

summary

Uncontrolled Resource Consumption
Denial of service with a malicious HTTP Host header.

references

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml

reference_url

https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8

reference_url

https://github.com/symfony/symfony/pull/11828

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/11828

reference_url

https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header

reference_url

https://symfony.com/cve-2014-5244

reference_id

CVE-2014-5244

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2014-5244

fixed_packages

url pkg:composer/symfony/http-foundation@2.3.19

purl pkg:composer/symfony/http-foundation@2.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19

url pkg:composer/symfony/http-foundation@2.4.9

purl pkg:composer/symfony/http-foundation@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9

url pkg:composer/symfony/http-foundation@2.5.0-BETA1

purl pkg:composer/symfony/http-foundation@2.5.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1

url pkg:composer/symfony/http-foundation@2.5.4

purl pkg:composer/symfony/http-foundation@2.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-5pmg-t1rb-wbd4

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4

url pkg:composer/symfony/http-foundation@2.5.11

purl pkg:composer/symfony/http-foundation@2.5.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-nsuz-7sdv-abef

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11

aliases CVE-2014-5244, GHSA-v77v-x634-9m56

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxwk-7vcf-m7f5

url VCID-qqd1-smb1-sbe8

vulnerability_id VCID-qqd1-smb1-sbe8

summary

URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14773

reference_id

reference_type

scores

value	0.16652
scoring_system	epss
scoring_elements	0.95049
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml

reference_url

https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14773

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14773

reference_url

https://seclists.org/bugtraq/2019/May/21

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/May/21

reference_url

https://www.debian.org/security/2019/dsa-4441

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4441

reference_url

https://www.drupal.org/SA-CORE-2018-005

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/SA-CORE-2018-005

reference_url

http://www.securityfocus.com/bid/104943

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/104943

reference_url

http://www.securitytracker.com/id/1041405

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041405

reference_url

https://security.archlinux.org/AVG-744

reference_id

AVG-744

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-744

reference_url

https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

reference_id

CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers

fixed_packages

url pkg:composer/symfony/http-foundation@2.7.49

purl pkg:composer/symfony/http-foundation@2.7.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49

url pkg:composer/symfony/http-foundation@2.8.44

purl pkg:composer/symfony/http-foundation@2.8.44

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44

url pkg:composer/symfony/http-foundation@3.3.18

purl pkg:composer/symfony/http-foundation@3.3.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

vulnerability	VCID-qqd1-smb1-sbe8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18

url pkg:composer/symfony/http-foundation@3.4.14

purl pkg:composer/symfony/http-foundation@3.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14

url pkg:composer/symfony/http-foundation@4.0.14

purl pkg:composer/symfony/http-foundation@4.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14

url pkg:composer/symfony/http-foundation@4.1.3

purl pkg:composer/symfony/http-foundation@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37et-21qw-skd7

vulnerability	VCID-7m45-bvbn-4qd3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3

aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.13

Package Instance