{"url":"http://public2.vulnerablecode.io/api/packages/199503?format=json","purl":"pkg:composer/symfony/http-kernel@2.0.16","type":"composer","namespace":"symfony","name":"http-kernel","version":"2.0.16","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.52","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37741?format=json","vulnerability_id":"VCID-hs5u-r1jg-tub5","summary":"Improper Access Control\nDirect access of ESI URLs behind a trusted proxy.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5"},{"reference_url":"https://github.com/symfony/symfony/pull/11831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11831"},{"reference_url":"https://symfony.com/cve-2014-5245","reference_id":"CVE-2014-5245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52290?format=json","purl":"pkg:composer/symfony/http-kernel@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-wdz4-hfer-1ud1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/51957?format=json","purl":"pkg:composer/symfony/http-kernel@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-wdz4-hfer-1ud1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/199569?format=json","purl":"pkg:composer/symfony/http-kernel@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-wdz4-hfer-1ud1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51958?format=json","purl":"pkg:composer/symfony/http-kernel@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"},{"vulnerability":"VCID-wdz4-hfer-1ud1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/199573?format=json","purl":"pkg:composer/symfony/http-kernel@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@3.2.13"}],"aliases":["CVE-2014-5245","GHSA-wvjv-p5rr-mmqm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5u-r1jg-tub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37867?format=json","vulnerability_id":"VCID-wdz4-hfer-1ud1","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52309?format=json","purl":"pkg:composer/symfony/http-kernel@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/52310?format=json","purl":"pkg:composer/symfony/http-kernel@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52311?format=json","purl":"pkg:composer/symfony/http-kernel@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mtb5-t6y4-w3eb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdz4-hfer-1ud1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-kernel@2.0.16"}