{"url":"http://public2.vulnerablecode.io/api/packages/199342?format=json","purl":"pkg:composer/symfony/symfony@2.5.1","type":"composer","namespace":"symfony","name":"symfony","version":"2.5.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.52","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37724?format=json","vulnerability_id":"VCID-2kf8-ugvv-tbb8","summary":"Code Injection\nCode injection in the way Symfony implements translation caching in FrameworkBundle.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-4931","GHSA-wfv7-5x33-v22h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2kf8-ugvv-tbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52037?format=json","vulnerability_id":"VCID-37et-21qw-skd7","summary":"Improper Input Validation\nIf an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76251?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/76252?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/76253?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kktw-gsen-jyd8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/76248?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40103?format=json","vulnerability_id":"VCID-3qct-gbgt-kkbb","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66533","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56128?format=json","purl":"pkg:composer/symfony/symfony@2.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33"},{"url":"http://public2.vulnerablecode.io/api/packages/56129?format=json","purl":"pkg:composer/symfony/symfony@2.8.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26"},{"url":"http://public2.vulnerablecode.io/api/packages/55844?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56130?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qct-gbgt-kkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37838?format=json","vulnerability_id":"VCID-5pmg-t1rb-wbd4","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52241?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/200885?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/52242?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pmg-t1rb-wbd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37740?format=json","vulnerability_id":"VCID-bktf-ejbt-2fds","summary":"Cross-Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF)\nCSRF vulnerability in the Web Profiler.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02"},{"reference_url":"https://github.com/symfony/symfony/pull/11832","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11832"},{"reference_url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36"},{"reference_url":"https://symfony.com/cve-2014-6072","reference_id":"CVE-2014-6072","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6072"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6072","GHSA-v35g-4rrw-h4fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bktf-ejbt-2fds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=json","vulnerability_id":"VCID-ef86-hqv4-6kaz","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39914","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37961?format=json","vulnerability_id":"VCID-gjuz-mjah-e3bj","summary":"Information Exposure Through Timing Discrepancy\nSymfony allows remote attackers to have unspecified impact via a timing attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77412","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16630","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16630"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125"},{"reference_url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service"},{"reference_url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/77692"},{"reference_url":"https://symfony.com/cve-2015-8125","reference_id":"CVE-2015-8125","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52431?format=json","purl":"pkg:composer/symfony/symfony@2.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/52432?format=json","purl":"pkg:composer/symfony/symfony@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7"}],"aliases":["CVE-2015-8125","GHSA-g97c-jfx6-xvxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjuz-mjah-e3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37741?format=json","vulnerability_id":"VCID-hs5u-r1jg-tub5","summary":"Improper Access Control\nDirect access of ESI URLs behind a trusted proxy.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5"},{"reference_url":"https://github.com/symfony/symfony/pull/11831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11831"},{"reference_url":"https://symfony.com/cve-2014-5245","reference_id":"CVE-2014-5245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5245","GHSA-wvjv-p5rr-mmqm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5u-r1jg-tub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52042?format=json","vulnerability_id":"VCID-jqh6-rwsw-73bs","summary":"Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)\nThe UriSigner was subjectto timing attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74617","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18887"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76251?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/76252?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/76253?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kktw-gsen-jyd8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/76248?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39968?format=json","vulnerability_id":"VCID-nsuz-7sdv-abef","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37742?format=json","vulnerability_id":"VCID-p131-pv18-ykht","summary":"Improper Authorization\nSecurity issue when parsing the Authorization header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904"},{"reference_url":"https://github.com/symfony/symfony/pull/11829","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11829"},{"reference_url":"https://symfony.com/cve-2014-6061","reference_id":"CVE-2014-6061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6061","GHSA-h7v2-2qwg-h829"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p131-pv18-ykht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37743?format=json","vulnerability_id":"VCID-pxwk-7vcf-m7f5","summary":"Uncontrolled Resource Consumption\nDenial of service with a malicious HTTP Host header.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8"},{"reference_url":"https://github.com/symfony/symfony/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11828"},{"reference_url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header"},{"reference_url":"https://symfony.com/cve-2014-5244","reference_id":"CVE-2014-5244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5244"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51933?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-5pmg-t1rb-wbd4"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-wdz4-hfer-1ud1"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5244","GHSA-v77v-x634-9m56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxwk-7vcf-m7f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40154?format=json","vulnerability_id":"VCID-qqd1-smb1-sbe8","summary":"URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56279?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/56269?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/56280?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/56270?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56271?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56272?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37963?format=json","vulnerability_id":"VCID-ty9b-xe8v-r7ag","summary":"Session Fixation\nSession fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5394","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/89","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/89"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16631","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16631"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124"},{"reference_url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature"},{"reference_url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"https://symfony.com/cve-2015-8124","reference_id":"CVE-2015-8124","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52431?format=json","purl":"pkg:composer/symfony/symfony@2.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/52432?format=json","purl":"pkg:composer/symfony/symfony@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7"}],"aliases":["CVE-2015-8124","GHSA-j5jh-hpr4-h332"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty9b-xe8v-r7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38130?format=json","vulnerability_id":"VCID-uk5a-g7em-gygd","summary":"Cryptographic Issues\nThe `nextBytes` function in the `SecureRandom` class in Symfony does not properly generate random numbers when used with PHP without the `paragonie/random_compat` library and the `openssl_random_pseudo_bytes` function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60795","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/17359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/17359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902"},{"reference_url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom"},{"reference_url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-1902","reference_id":"CVE-2016-1902","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-1902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52739?format=json","purl":"pkg:composer/symfony/symfony@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52740?format=json","purl":"pkg:composer/symfony/symfony@2.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.9"}],"aliases":["CVE-2016-1902","GHSA-jjx5-fq5g-8xpc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk5a-g7em-gygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=json","vulnerability_id":"VCID-vyug-krcw-jyef","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76092","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37867?format=json","vulnerability_id":"VCID-wdz4-hfer-1ud1","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52241?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52242?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdz4-hfer-1ud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38131?format=json","vulnerability_id":"VCID-x4nv-gvag-7qf2","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81034","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52730?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52731?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52732?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4nv-gvag-7qf2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.1"}