{"url":"http://public2.vulnerablecode.io/api/packages/220183?format=json","purl":"pkg:composer/symfony/symfony@2.7.39","type":"composer","namespace":"symfony","name":"symfony","version":"2.7.39","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.50","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42234?format=json","vulnerability_id":"VCID-15tu-dfam-yqgh","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38571","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38482","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60330?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/60331?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/60332?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40155?format=json","vulnerability_id":"VCID-1y96-v19f-tkgg","summary":"Improper Input Validation\nAn issue was discovered in `HttpKernel` in Symfony When using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37409","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37318","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14774"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a"},{"reference_url":"https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/7f912bbb78377c2ea331b3da28363435fbd91337"},{"reference_url":"https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/96504fb8c9f91204727d2930eb837473ce154956"},{"reference_url":"https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/974240e178bb01d734bf1df1ad5c3beba6a2f982"},{"reference_url":"https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9cfcaba0bf71f87683510b5f47ebaac5f5d6a5ba"},{"reference_url":"https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/bcf5897bb1a99d4acae8bf7b73e81bfdeaac0922"},{"reference_url":"https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14774","reference_id":"CVE-2018-14774","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14774"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56279?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/56269?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/56280?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/56270?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56271?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56272?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14774","GHSA-66p6-7p29-55p9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1y96-v19f-tkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40985?format=json","vulnerability_id":"VCID-23hr-yznx-c3fb","summary":"Improper Authentication\nIn Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50897","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50835","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911"},{"reference_url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://symfony.com/cve-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10911"},{"reference_url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr","reference_id":"GHSA-cchx-mfrc-fwqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58018?format=json","purl":"pkg:composer/symfony/symfony@2.7.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/58019?format=json","purl":"pkg:composer/symfony/symfony@2.8.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/58020?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/76200?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/58021?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10911","GHSA-cchx-mfrc-fwqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52037?format=json","vulnerability_id":"VCID-37et-21qw-skd7","summary":"Improper Input Validation\nIf an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85085","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76251?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/76252?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/76253?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/76248?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46379?format=json","vulnerability_id":"VCID-4f9e-eg67-cqbr","summary":"Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85886","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"CVE-2023-46734.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/687204?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/67682?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/67676?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/67677?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40980?format=json","vulnerability_id":"VCID-6c6t-kmb3-2qcm","summary":"Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58114","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58018?format=json","purl":"pkg:composer/symfony/symfony@2.7.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/58019?format=json","purl":"pkg:composer/symfony/symfony@2.8.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/58020?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/76200?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/58021?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6c6t-kmb3-2qcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40978?format=json","vulnerability_id":"VCID-7m45-bvbn-4qd3","summary":"SQL Injection\nIn Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4935","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49289","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58018?format=json","purl":"pkg:composer/symfony/symfony@2.7.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/58019?format=json","purl":"pkg:composer/symfony/symfony@2.8.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/58020?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/76200?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/58021?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10913","GHSA-x92h-wmg2-6hp7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44350?format=json","vulnerability_id":"VCID-91hk-tdtv-x7fp","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39683","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39597","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63770?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63771?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63772?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/634333?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63773?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/634345?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63774?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52022?format=json","vulnerability_id":"VCID-awma-bc9f-kfe2","summary":"Symfony Service IDs Allow Injection\nIn Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93887","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93877","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb"},{"reference_url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b"},{"reference_url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910"},{"reference_url":"https://symfony.com/cve-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10910"},{"reference_url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid","reference_id":"CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2","reference_id":"GHSA-pgwj-prpq-jpc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58018?format=json","purl":"pkg:composer/symfony/symfony@2.7.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/58019?format=json","purl":"pkg:composer/symfony/symfony@2.8.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/58020?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/76200?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/58021?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10910","GHSA-pgwj-prpq-jpc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awma-bc9f-kfe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48354?format=json","vulnerability_id":"VCID-bhnt-pgq7-yya3","summary":"Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass\nThe `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91125","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.YAML","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/897796?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/71371?format=json","purl":"pkg:composer/symfony/symfony@5.4.50","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/71372?format=json","purl":"pkg:composer/symfony/symfony@6.4.29","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/71373?format=json","purl":"pkg:composer/symfony/symfony@7.3.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44352?format=json","vulnerability_id":"VCID-c3qr-9rv2-yqh9","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06125","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06099","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63770?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/267368?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63771?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63772?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/634333?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63773?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/634345?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/63774?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-s3tv-69ye-13bf"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39965?format=json","vulnerability_id":"VCID-ef86-hqv4-6kaz","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39996","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39914","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40525?format=json","vulnerability_id":"VCID-frbz-vpfe-vbh9","summary":"Unrestricted Upload of File with Dangerous Type\nWhen using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75538","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path"},{"reference_url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://symfony.com/cve-2018-19789","reference_id":"CVE-2018-19789","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19789"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57134?format=json","purl":"pkg:composer/symfony/symfony@2.7.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.50"},{"url":"http://public2.vulnerablecode.io/api/packages/57135?format=json","purl":"pkg:composer/symfony/symfony@2.8.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.49"},{"url":"http://public2.vulnerablecode.io/api/packages/57136?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/57137?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/57138?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/57139?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19789","GHSA-x3cf-w64x-4cp2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52042?format=json","vulnerability_id":"VCID-jqh6-rwsw-73bs","summary":"Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)\nThe UriSigner was subjectto timing attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74617","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74649","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76251?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/76252?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/76253?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/76248?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqh6-rwsw-73bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40526?format=json","vulnerability_id":"VCID-mew1-9shg-mugs","summary":"URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63875","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63833","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http"},{"reference_url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106249"},{"reference_url":"https://symfony.com/cve-2018-19790","reference_id":"CVE-2018-19790","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19790"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57134?format=json","purl":"pkg:composer/symfony/symfony@2.7.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.50"},{"url":"http://public2.vulnerablecode.io/api/packages/57135?format=json","purl":"pkg:composer/symfony/symfony@2.8.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.49"},{"url":"http://public2.vulnerablecode.io/api/packages/57136?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/57137?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/57138?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/57139?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-9m8x-djng-8ye3"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19790","GHSA-89r2-5g34-2g47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39968?format=json","vulnerability_id":"VCID-nsuz-7sdv-abef","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.7827","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56133?format=json","vulnerability_id":"VCID-pj86-ync3-gyan","summary":"Symfony has an incorrect response from Validator when input ends with `\\n`\nIt is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48109","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"CVE-2024-50343","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"CVE-2024-50343","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"CVE-2024-50343.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"CVE-2024-50343.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83178?format=json","purl":"pkg:composer/symfony/symfony@5.4.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/83179?format=json","purl":"pkg:composer/symfony/symfony@6.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/83180?format=json","purl":"pkg:composer/symfony/symfony@7.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4nx8-hnsf-mych"},{"vulnerability":"VCID-88mw-6zg1-gke1"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pj86-ync3-gyan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40154?format=json","vulnerability_id":"VCID-qqd1-smb1-sbe8","summary":"URL Rewrite vulnerability\nAn issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95057","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95049","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56279?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/56269?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/56280?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/56270?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56271?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56272?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-kktw-gsen-jyd8"},{"vulnerability":"VCID-m9e2-rg83-d7eb"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39970?format=json","vulnerability_id":"VCID-tx26-92jc-rkff","summary":"URL Redirection to Untrusted Site (Open Redirect)\nThe security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54265","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54208","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408"},{"reference_url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://symfony.com/cve-2018-11408","reference_id":"CVE-2018-11408","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11408","GHSA-7hwc-2cq4-6x2w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx26-92jc-rkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39963?format=json","vulnerability_id":"VCID-vyug-krcw-jyef","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76092","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76117","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55897?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/55829?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/56274?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55830?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55831?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15tu-dfam-yqgh"},{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-37et-21qw-skd7"},{"vulnerability":"VCID-3kvp-hnpd-gbcq"},{"vulnerability":"VCID-4f9e-eg67-cqbr"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-91hk-tdtv-x7fp"},{"vulnerability":"VCID-awma-bc9f-kfe2"},{"vulnerability":"VCID-bhnt-pgq7-yya3"},{"vulnerability":"VCID-c3qr-9rv2-yqh9"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-jqh6-rwsw-73bs"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-p6f7-utd6-eqej"},{"vulnerability":"VCID-pj86-ync3-gyan"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-yetr-unnz-gbhn"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zgxf-qxwu-pqf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56123?format=json","vulnerability_id":"VCID-yetr-unnz-gbhn","summary":"Symfony vulnerable to command execution hijack on Windows with Process class\nOn Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74134","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"CVE-2024-51736","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"CVE-2024-51736","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"CVE-2024-51736.YAML","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"CVE-2024-51736.YAML","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/777701?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83126?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83127?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83128?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yetr-unnz-gbhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56130?format=json","vulnerability_id":"VCID-zgxf-qxwu-pqf9","summary":"Symfony vulnerable to open redirect via browser-sanitized URLs\nThe `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"CVE-2024-50345","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"CVE-2024-50345","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"CVE-2024-50345.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"CVE-2024-50345.YAML","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/777701?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83126?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/515396?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83127?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/515397?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p6dz-c7ee-1fg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/83128?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bhnt-pgq7-yya3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.39"}