Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/symfony@7.4.0~rc1%2Bdfsg-1?distro=trixie
Typedeb
Namespacedebian
Namesymfony
Version7.4.0~rc1+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.4.12+dfsg-1
Latest_non_vulnerable_version7.4.13+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-mqjv-9ptq-q3g9
vulnerability_id VCID-mqjv-9ptq-q3g9
summary 
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.06307
scoring_system epss
scoring_elements 0.91097
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
4
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
7
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
purl pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
1
vulnerability VCID-9cfq-wdcw-13f8
2
vulnerability VCID-brbn-9szp-2ubx
3
vulnerability VCID-buyw-5tjv-myem
4
vulnerability VCID-cfca-cgne-4fev
5
vulnerability VCID-d7r9-9h57-5yen
6
vulnerability VCID-gd71-zeaf-zqbr
7
vulnerability VCID-kxff-fp12-qfcu
8
vulnerability VCID-mzxb-ryz7-xbev
9
vulnerability VCID-nsrm-u4km-qqa1
10
vulnerability VCID-qscu-huud-4fbz
11
vulnerability VCID-styq-7bbp-pbf6
12
vulnerability VCID-usft-rqta-eyhg
13
vulnerability VCID-wv5b-2644-w3gf
14
vulnerability VCID-ya1e-7bph-pqgp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie
1
url pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-31pu-2pt7-2fh2
1
vulnerability VCID-3rs1-f6qt-vqbn
2
vulnerability VCID-4e6m-3qj2-67ag
3
vulnerability VCID-4ufx-41vp-ducg
4
vulnerability VCID-5113-3b42-j3eh
5
vulnerability VCID-5qmw-a84t-dfge
6
vulnerability VCID-8akz-87u4-7uh9
7
vulnerability VCID-8vur-b48u-pqeu
8
vulnerability VCID-9cfq-wdcw-13f8
9
vulnerability VCID-brbn-9szp-2ubx
10
vulnerability VCID-btxp-ywr3-ukgj
11
vulnerability VCID-buyw-5tjv-myem
12
vulnerability VCID-cfca-cgne-4fev
13
vulnerability VCID-d7r9-9h57-5yen
14
vulnerability VCID-fh6h-dyx9-83h1
15
vulnerability VCID-gd71-zeaf-zqbr
16
vulnerability VCID-kxff-fp12-qfcu
17
vulnerability VCID-mzxb-ryz7-xbev
18
vulnerability VCID-nsrm-u4km-qqa1
19
vulnerability VCID-qscu-huud-4fbz
20
vulnerability VCID-styq-7bbp-pbf6
21
vulnerability VCID-usft-rqta-eyhg
22
vulnerability VCID-wv5b-2644-w3gf
23
vulnerability VCID-ya1e-7bph-pqgp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/symfony@7.4.0~rc1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/symfony@7.4.0~rc1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.0~rc1%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/symfony@7.4.13%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.13%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mqjv-9ptq-q3g9
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.0~rc1%252Bdfsg-1%3Fdistro=trixie