Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/http-foundation@2.8.22
Typecomposer
Namespacesymfony
Namehttp-foundation
Version2.8.22
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.50
Latest_non_vulnerable_version7.3.7
Affected_by_vulnerabilities
0
url VCID-37et-21qw-skd7
vulnerability_id VCID-37et-21qw-skd7
summary 
Improper Input Validation
If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
reference_id
reference_type
scores
0
value 0.0231
scoring_system epss
scoring_elements 0.85061
published_at 2026-06-04T12:55:00Z
1
value 0.0231
scoring_system epss
scoring_elements 0.85085
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18888
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml
6
reference_url https://github.com/symfony/symfony/releases/tag/v4.3.8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v4.3.8
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18888
20
reference_url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
21
reference_url https://symfony.com/blog/symfony-4-3-8-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/symfony-4-3-8-released
22
reference_url https://symfony.com/cve-2019-18888
reference_id CVE-2019-18888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-18888
23
reference_url https://github.com/advisories/GHSA-xhh6-956q-4q69
reference_id GHSA-xhh6-956q-4q69
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhh6-956q-4q69
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.52
purl pkg:composer/symfony/http-foundation@2.8.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-p6f7-utd6-eqej
2
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52
1
url pkg:composer/symfony/http-foundation@3.4.35
purl pkg:composer/symfony/http-foundation@3.4.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-p6f7-utd6-eqej
2
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35
2
url pkg:composer/symfony/http-foundation@4.2.12
purl pkg:composer/symfony/http-foundation@4.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-p6f7-utd6-eqej
2
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12
3
url pkg:composer/symfony/http-foundation@4.3.8
purl pkg:composer/symfony/http-foundation@4.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-p6f7-utd6-eqej
2
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8
aliases CVE-2019-18888, GHSA-xhh6-956q-4q69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37et-21qw-skd7
1
url VCID-7m45-bvbn-4qd3
vulnerability_id VCID-7m45-bvbn-4qd3
summary 
SQL Injection
In Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.4935
published_at 2026-06-05T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49289
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10913
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml
11
reference_url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10913
13
reference_url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
14
reference_url https://symfony.com/cve-2019-10913
reference_id CVE-2019-10913
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10913
15
reference_url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
reference_id GHSA-x92h-wmg2-6hp7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x92h-wmg2-6hp7
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.50
purl pkg:composer/symfony/http-foundation@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-bhnt-pgq7-yya3
2
vulnerability VCID-p6f7-utd6-eqej
3
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.50
1
url pkg:composer/symfony/http-foundation@3.4.26
purl pkg:composer/symfony/http-foundation@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-bhnt-pgq7-yya3
2
vulnerability VCID-p6f7-utd6-eqej
3
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.26
2
url pkg:composer/symfony/http-foundation@4.1.12
purl pkg:composer/symfony/http-foundation@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.12
3
url pkg:composer/symfony/http-foundation@4.2.7
purl pkg:composer/symfony/http-foundation@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-bhnt-pgq7-yya3
2
vulnerability VCID-p6f7-utd6-eqej
3
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.7
aliases CVE-2019-10913, GHSA-x92h-wmg2-6hp7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m45-bvbn-4qd3
2
url VCID-bhnt-pgq7-yya3
vulnerability_id VCID-bhnt-pgq7-yya3
summary 
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.06307
scoring_system epss
scoring_elements 0.91125
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
5
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
8
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/http-foundation@5.4.50
purl pkg:composer/symfony/http-foundation@5.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.50
1
url pkg:composer/symfony/http-foundation@6.4.29
purl pkg:composer/symfony/http-foundation@6.4.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.29
2
url pkg:composer/symfony/http-foundation@7.3.7
purl pkg:composer/symfony/http-foundation@7.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.3.7
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3
3
url VCID-nsuz-7sdv-abef
vulnerability_id VCID-nsuz-7sdv-abef
summary 
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
reference_id
reference_type
scores
0
value 0.01086
scoring_system epss
scoring_elements 0.7827
published_at 2026-06-05T12:55:00Z
1
value 0.01086
scoring_system epss
scoring_elements 0.78244
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11386
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml
11
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11386
16
reference_url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11386
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.41
purl pkg:composer/symfony/http-foundation@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-qqd1-smb1-sbe8
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41
1
url pkg:composer/symfony/http-foundation@3.3.17
purl pkg:composer/symfony/http-foundation@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-nsuz-7sdv-abef
4
vulnerability VCID-p6f7-utd6-eqej
5
vulnerability VCID-qqd1-smb1-sbe8
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17
2
url pkg:composer/symfony/http-foundation@3.4.11
purl pkg:composer/symfony/http-foundation@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-qqd1-smb1-sbe8
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11
3
url pkg:composer/symfony/http-foundation@4.0.11
purl pkg:composer/symfony/http-foundation@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-qqd1-smb1-sbe8
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11
aliases CVE-2018-11386, GHSA-r2rq-3h56-fqm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef
4
url VCID-p6f7-utd6-eqej
vulnerability_id VCID-p6f7-utd6-eqej
summary 
Information Exposure
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56852
published_at 2026-06-05T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56801
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
8
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
9
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
19
reference_url https://symfony.com/cve-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-21424
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
reference_id CVE-2021-21424
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
21
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
reference_id GHSA-5pv8-ppvj-4h68
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
22
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/http-foundation@4.0.0-BETA1
purl pkg:composer/symfony/http-foundation@4.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.0-BETA1
1
url pkg:composer/symfony/http-foundation@4.4.23
purl pkg:composer/symfony/http-foundation@4.4.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.4.23
2
url pkg:composer/symfony/http-foundation@5.2.8
purl pkg:composer/symfony/http-foundation@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.2.8
aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej
5
url VCID-qqd1-smb1-sbe8
vulnerability_id VCID-qqd1-smb1-sbe8
summary 
URL Rewrite vulnerability
An issue in Symfony arises from support for a (legacy) IIS header that lets users override the path in the request URL via the `X-Original-URL` or `X-Rewrite-URL` HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects `\Symfony\Component\HttpFoundation\Request::prepareRequestUri()` where `X-Original-URL` and `X_REWRITE_URL` are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
reference_id
reference_type
scores
0
value 0.16652
scoring_system epss
scoring_elements 0.95057
published_at 2026-06-05T12:55:00Z
1
value 0.16652
scoring_system epss
scoring_elements 0.95049
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14773
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml
11
reference_url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b
12
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14773
14
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
15
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
16
reference_url https://www.drupal.org/SA-CORE-2018-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/SA-CORE-2018-005
17
reference_url http://www.securityfocus.com/bid/104943
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104943
18
reference_url http://www.securitytracker.com/id/1041405
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041405
19
reference_url https://security.archlinux.org/AVG-744
reference_id AVG-744
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-744
20
reference_url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
reference_id CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
21
reference_url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
reference_id GHSA-8wgj-6wx8-h5hq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wgj-6wx8-h5hq
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.44
purl pkg:composer/symfony/http-foundation@2.8.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44
1
url pkg:composer/symfony/http-foundation@3.3.18
purl pkg:composer/symfony/http-foundation@3.3.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-qqd1-smb1-sbe8
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18
2
url pkg:composer/symfony/http-foundation@3.4.14
purl pkg:composer/symfony/http-foundation@3.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14
3
url pkg:composer/symfony/http-foundation@4.0.14
purl pkg:composer/symfony/http-foundation@4.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14
4
url pkg:composer/symfony/http-foundation@4.1.3
purl pkg:composer/symfony/http-foundation@4.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37et-21qw-skd7
1
vulnerability VCID-7m45-bvbn-4qd3
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-p6f7-utd6-eqej
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3
aliases CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqd1-smb1-sbe8
6
url VCID-zgxf-qxwu-pqf9
vulnerability_id VCID-zgxf-qxwu-pqf9
summary 
Symfony vulnerable to open redirect via browser-sanitized URLs
The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.60672
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
4
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
5
reference_url https://url.spec.whatwg.org
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://url.spec.whatwg.org
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
reference_id CVE-2024-50345
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
7
reference_url https://symfony.com/cve-2024-50345
reference_id CVE-2024-50345
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50345
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
reference_id CVE-2024-50345.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
reference_id CVE-2024-50345.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
10
reference_url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/http-foundation@7.2.0-BETA1
purl pkg:composer/symfony/http-foundation@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.2.0-BETA1
1
url pkg:composer/symfony/http-foundation@5.4.46
purl pkg:composer/symfony/http-foundation@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@5.4.46
2
url pkg:composer/symfony/http-foundation@6.4.14
purl pkg:composer/symfony/http-foundation@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@6.4.14
3
url pkg:composer/symfony/http-foundation@7.1.7
purl pkg:composer/symfony/http-foundation@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@7.1.7
aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.22