{"url":"http://public2.vulnerablecode.io/api/packages/22386?format=json","purl":"pkg:composer/symfony/symfony@2.8.0-alpha","type":"composer","namespace":"symfony","name":"symfony","version":"2.8.0-alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.51","latest_non_vulnerable_version":"8.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7808?format=json","vulnerability_id":"VCID-72pa-a6sv-fyg6","summary":"Unauthorized access on a misconfigured LDAP server\nThere's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35691","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36069","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36118","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36136","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36143","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36079","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3612","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36106","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36052","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35788","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.357","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35657","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35678","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35609","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35673","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36234","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-2403.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/18736","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/18736"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2403"},{"reference_url":"https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123224944/http://www.securityfocus.com/bid/96137"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2016-2403","reference_id":"CVE-2016-2403","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-2403"},{"reference_url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","reference_id":"CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"},{"reference_url":"https://github.com/advisories/GHSA-wvj5-r78r-hhfq","reference_id":"GHSA-wvj5-r78r-hhfq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvj5-r78r-hhfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22398?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/22400?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-2403","GHSA-wvj5-r78r-hhfq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72pa-a6sv-fyg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7412?format=json","vulnerability_id":"VCID-nsk8-bk5e-tbfh","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80883","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80636","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.8072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80721","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80782","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80804","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80825","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80819","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.80837","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.8088","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm","reference_id":"GHSA-whgv-8cg3-7hcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whgv-8cg3-7hcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22398?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-hxhq-zdyu-dudz"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-mm7e-kb6c-vucx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"},{"vulnerability":"VCID-vpsz-zhhq-xfbw"},{"vulnerability":"VCID-z2r1-8bdp-w7f5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/22400?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27sw-43vt-ukh3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-3uu1-kftu-nbhd"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-636u-5bdw-puh4"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-7sm1-74du-47gc"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bpkv-qrmp-huac"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-dqaj-qmbd-cya1"},{"vulnerability":"VCID-e71e-d4tr-wqgz"},{"vulnerability":"VCID-guzg-x6nu-pygu"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-k8zb-z9em-vqgm"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-v81g-hqja-hue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk8-bk5e-tbfh"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.0-alpha"}