{"url":"http://public2.vulnerablecode.io/api/packages/385436?format=json","purl":"pkg:composer/symfony/symfony@2.2.0-BETA2","type":"composer","namespace":"symfony","name":"symfony","version":"2.2.0-BETA2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.0-BETA5","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203856?format=json","vulnerability_id":"VCID-1hgq-8uk8-8kcm","summary":"Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=\"php\" attribute of a SCRIPT element.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31798?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/31799?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/31793?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hgq-8uk8-8kcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132895?format=json","vulnerability_id":"VCID-2vph-t5gn-xbfa","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"5d095d5feb1322b16450284a04d6bb48d1198f54","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"9da9a145ce57e4585031ad4bee37c497353eec7c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/664541?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/381143?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/381039?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/381040?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173331?format=json","vulnerability_id":"VCID-3x8r-7w2f-jfbd","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39693","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380364?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380365?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380366?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/610467?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380367?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/610479?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380368?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124318?format=json","vulnerability_id":"VCID-532e-g8g2-m3am","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78314","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385061?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/385062?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-532e-g8g2-m3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209640?format=json","vulnerability_id":"VCID-9kaa-3mpn-8qhz","summary":"Symphony CMS XSS Vulnerabilities","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.51013","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/60","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/60"},{"reference_url":"https://github.com/symphonycms/symphony-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2"},{"reference_url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getsymphony.com/download/releases/version/2.6.4"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getsymphony.com/download/releases/version/2.6.4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766","reference_id":"CVE-2015-8766","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766"},{"reference_url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html","reference_id":"CVE-2015-8766-GETSYMPHONEY.HTML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"},{"reference_url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3","reference_id":"GHSA-4c5w-qqfg-grf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392475?format=json","purl":"pkg:composer/symfony/symfony@2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.4"}],"aliases":["CVE-2015-8766","GHSA-4c5w-qqfg-grf3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kaa-3mpn-8qhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211992?format=json","vulnerability_id":"VCID-b6m1-dn1m-h3ge","summary":"Symfony vulnerable to denial of service via a malicious HTTP Host header","references":[{"reference_url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8"},{"reference_url":"https://github.com/symfony/symfony/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11828"},{"reference_url":"https://symfony.com/cve-2014-5244","reference_id":"CVE-2014-5244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5244"},{"reference_url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header","reference_id":"CVE-2014-5244-DENIAL-OF-SERVICE-WITH-A-MALICIOUS-HTTP-HOST-HEADER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml","reference_id":"CVE-2014-5244.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml","reference_id":"CVE-2014-5244.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v77v-x634-9m56","reference_id":"GHSA-v77v-x634-9m56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v77v-x634-9m56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31776?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/31778?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/402113?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31780?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5244","GHSA-v77v-x634-9m56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6m1-dn1m-h3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175222?format=json","vulnerability_id":"VCID-bhuc-44kp-3fgx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95079","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21030?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/21035?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/21038?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/21034?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/21037?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/21029?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173502?format=json","vulnerability_id":"VCID-dnwt-puv7-mbgm","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07301","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"076fd2088ada33d760758d98ff07ddedbf567946","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.yaml","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380364?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380365?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380366?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/610467?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380367?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/610479?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380368?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212001?format=json","vulnerability_id":"VCID-gpzv-dr77-6fc4","summary":"Symfony Cross-Site Request Forgery vulnerability in the Web Profiler","references":[{"reference_url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/f38536ab79058f6a934426c41170256ba9623a02"},{"reference_url":"https://github.com/symfony/symfony/pull/11832","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11832"},{"reference_url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/web-profiler-bundle/commit/5b589ba83faf7eb20cec50725cd657075aebdd36"},{"reference_url":"https://symfony.com/cve-2014-6072","reference_id":"CVE-2014-6072","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6072"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml","reference_id":"CVE-2014-6072.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml","reference_id":"CVE-2014-6072.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/web-profiler-bundle/CVE-2014-6072.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw","reference_id":"GHSA-v35g-4rrw-h4fw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v35g-4rrw-h4fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31776?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/31778?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/402113?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31780?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6072","GHSA-v35g-4rrw-h4fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpzv-dr77-6fc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124320?format=json","vulnerability_id":"VCID-k6d1-hvtf-kfbv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40011","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385061?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/385062?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d1-hvtf-kfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163815?format=json","vulnerability_id":"VCID-k8q8-sb46-5qbw","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38576","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"f0ffb775febdf07e57117aabadac96fa37857f50","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392134?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-dnwt-puv7-mbgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/392135?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-dnwt-puv7-mbgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/392136?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-dnwt-puv7-mbgm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8q8-sb46-5qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205039?format=json","vulnerability_id":"VCID-pdsg-euaa-jkbk","summary":"The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6662","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390578?format=json","purl":"pkg:composer/symfony/symfony@2.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33"},{"url":"http://public2.vulnerablecode.io/api/packages/390579?format=json","purl":"pkg:composer/symfony/symfony@2.8.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26"},{"url":"http://public2.vulnerablecode.io/api/packages/390453?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/390580?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdsg-euaa-jkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177860?format=json","vulnerability_id":"VCID-rp8k-1gkg-syfa","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85117","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15840?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/15838?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/15836?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15833?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp8k-1gkg-syfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211994?format=json","vulnerability_id":"VCID-v27h-rcnb-6ffh","summary":"Symfony allows direct access of ESI URLs behind a trusted proxy","references":[{"reference_url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/654b1f281e09dd96ffbbd3da815411700423ecf5"},{"reference_url":"https://github.com/symfony/symfony/pull/11831","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11831"},{"reference_url":"https://symfony.com/cve-2014-5245","reference_id":"CVE-2014-5245","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5245"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml","reference_id":"CVE-2014-5245.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml","reference_id":"CVE-2014-5245.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5245.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm","reference_id":"GHSA-wvjv-p5rr-mmqm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvjv-p5rr-mmqm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31776?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/31778?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/402113?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31780?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-5245","GHSA-wvjv-p5rr-mmqm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v27h-rcnb-6ffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182746?format=json","vulnerability_id":"VCID-ww4c-2uy7-bfe1","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81116","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386319?format=json","purl":"pkg:composer/symfony/symfony@2.3.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.41"},{"url":"http://public2.vulnerablecode.io/api/packages/386320?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/384813?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/384814?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww4c-2uy7-bfe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211990?format=json","vulnerability_id":"VCID-xxwq-sddp-j7hv","summary":"Code injection in the way Symfony implements translation caching in FrameworkBundle","references":[{"reference_url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml","reference_id":"CVE-2014-4931.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml","reference_id":"CVE-2014-4931.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h","reference_id":"GHSA-wfv7-5x33-v22h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfv7-5x33-v22h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31776?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/31778?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/402113?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31780?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-4931","GHSA-wfv7-5x33-v22h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxwq-sddp-j7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211993?format=json","vulnerability_id":"VCID-ybs8-7wz2-quc4","summary":"Symfony has a security issue when parsing the Authorization header","references":[{"reference_url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904"},{"reference_url":"https://github.com/symfony/symfony/pull/11829","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11829"},{"reference_url":"https://symfony.com/cve-2014-6061","reference_id":"CVE-2014-6061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6061"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml","reference_id":"CVE-2014-6061.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml","reference_id":"CVE-2014-6061.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829","reference_id":"GHSA-h7v2-2qwg-h829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31776?format=json","purl":"pkg:composer/symfony/symfony@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/31778?format=json","purl":"pkg:composer/symfony/symfony@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/402113?format=json","purl":"pkg:composer/symfony/symfony@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31780?format=json","purl":"pkg:composer/symfony/symfony@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.4"}],"aliases":["CVE-2014-6061","GHSA-h7v2-2qwg-h829"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybs8-7wz2-quc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124317?format=json","vulnerability_id":"VCID-yf6v-q6j4-eubb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385061?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/385062?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yf6v-q6j4-eubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203857?format=json","vulnerability_id":"VCID-yu7n-cv95-abc7","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309"},{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"CVE-2015-2309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31798?format=json","purl":"pkg:composer/symfony/symfony@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/402102?format=json","purl":"pkg:composer/symfony/symfony@2.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-b6m1-dn1m-h3ge"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-gpzv-dr77-6fc4"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-v27h-rcnb-6ffh"},{"vulnerability":"VCID-xxwq-sddp-j7hv"},{"vulnerability":"VCID-ybs8-7wz2-quc4"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31799?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/403947?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/31793?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8vub-8664-w3aq"},{"vulnerability":"VCID-9csx-j51k-jyh9"},{"vulnerability":"VCID-a1ns-tqbq-nubk"},{"vulnerability":"VCID-ateb-64hj-p3dx"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-yf6v-q6j4-eubb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu7n-cv95-abc7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267089?format=json","vulnerability_id":"VCID-5dc7-um8u-nbhx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70474","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1397"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/81551"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2013-1397.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ba6e3159c0eeb3b6e21db32fce8fa2535cb3aa77"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1397"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released"},{"reference_url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g","reference_id":"GHSA-7w53-hfpw-rg3g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7w53-hfpw-rg3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385359?format=json","purl":"pkg:composer/symfony/symfony@2.0.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xdj-um9j-gfc1"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a3d8-ejjy-uyhs"},{"vulnerability":"VCID-b6m1-dn1m-h3ge"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-gpzv-dr77-6fc4"},{"vulnerability":"VCID-hdy7-9ncr-ybek"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-v27h-rcnb-6ffh"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-xxwq-sddp-j7hv"},{"vulnerability":"VCID-ybs8-7wz2-quc4"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.22"},{"url":"http://public2.vulnerablecode.io/api/packages/385437?format=json","purl":"pkg:composer/symfony/symfony@2.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xdj-um9j-gfc1"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-a3d8-ejjy-uyhs"},{"vulnerability":"VCID-b6m1-dn1m-h3ge"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-gpzv-dr77-6fc4"},{"vulnerability":"VCID-hdy7-9ncr-ybek"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-v27h-rcnb-6ffh"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-xxwq-sddp-j7hv"},{"vulnerability":"VCID-ybs8-7wz2-quc4"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385436?format=json","purl":"pkg:composer/symfony/symfony@2.2.0-BETA2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgq-8uk8-8kcm"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-9kaa-3mpn-8qhz"},{"vulnerability":"VCID-b6m1-dn1m-h3ge"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-gpzv-dr77-6fc4"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-v27h-rcnb-6ffh"},{"vulnerability":"VCID-ww4c-2uy7-bfe1"},{"vulnerability":"VCID-xxwq-sddp-j7hv"},{"vulnerability":"VCID-ybs8-7wz2-quc4"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yu7n-cv95-abc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0-BETA2"}],"aliases":["CVE-2013-1397","GHSA-7w53-hfpw-rg3g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dc7-um8u-nbhx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.2.0-BETA2"}