{"url":"http://public2.vulnerablecode.io/api/packages/21074?format=json","purl":"pkg:composer/symfony/symfony@2.4.0-alpha","type":"composer","namespace":"symfony","name":"symfony","version":"2.4.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.51","latest_non_vulnerable_version":"8.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7122?format=json","vulnerability_id":"VCID-d1kp-7aht-9qa2","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67842","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67755","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67781","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67761","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67803","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67645","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.677","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6768","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67732","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67769","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://github.com/advisories/GHSA-5c58-w9xc-qcj9","reference_id":"GHSA-5c58-w9xc-qcj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5c58-w9xc-qcj9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21077?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/21078?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1kp-7aht-9qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7412?format=json","vulnerability_id":"VCID-nsk8-bk5e-tbfh","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80825","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80804","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80782","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80721","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.8072","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm","reference_id":"GHSA-whgv-8cg3-7hcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22396?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-t2dx-5us4-mkf1"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/22398?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/22400?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk8-bk5e-tbfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7096?format=json","vulnerability_id":"VCID-wwhm-mrr3-v7h3","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21077?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/152148?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/21078?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-5u5z-qzg2-sbhg"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahmf-nthw-ufaq"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-fy39-ys3p-5ucm"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-up7g-6ewp-uya5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwhm-mrr3-v7h3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.0-alpha"}