{"url":"http://public2.vulnerablecode.io/api/packages/385921?format=json","purl":"pkg:composer/symfony/symfony@3.2.12","type":"composer","namespace":"symfony","name":"symfony","version":"3.2.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.51","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175223?format=json","vulnerability_id":"VCID-14u2-1zfk-rfgg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75618","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75688","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75702","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19789.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b65e6f1a47b68f2713b60cdac9cc3a4af62a2d1c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19789"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path"},{"reference_url":"https://symfony.com/cve-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19789"},{"reference_url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124224817/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://github.com/advisories/GHSA-x3cf-w64x-4cp2","reference_id":"GHSA-x3cf-w64x-4cp2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3cf-w64x-4cp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386000?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/386001?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/386002?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/386003?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19789","GHSA-x3cf-w64x-4cp2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14u2-1zfk-rfgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175229?format=json","vulnerability_id":"VCID-277x-pbyn-v7em","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49527","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4939","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49545","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides","reference_id":"CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15749?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/15741?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15736?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10913","GHSA-x92h-wmg2-6hp7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-277x-pbyn-v7em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132895?format=json","vulnerability_id":"VCID-2vph-t5gn-xbfa","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85959","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.8597","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02588","scoring_system":"epss","scoring_elements":"0.85911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"5d095d5feb1322b16450284a04d6bb48d1198f54","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"9da9a145ce57e4585031ad4bee37c497353eec7c","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381143?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/381039?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/381040?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-mmwy-6jga-u7fb"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/664541?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-mmwy-6jga-u7fb"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205844?format=json","vulnerability_id":"VCID-39fv-3va8-5fed","summary":"An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a \"null\" password and valid username, which triggers an unauthenticated bind.  NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34005","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34181","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34205","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934"},{"reference_url":"https://github.com/symfony/symfony/pull/27377","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/27377"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11407"},{"reference_url":"https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"},{"reference_url":"https://symfony.com/cve-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11407"},{"reference_url":"https://github.com/advisories/GHSA-35c5-28pg-2qg4","reference_id":"GHSA-35c5-28pg-2qg4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35c5-28pg-2qg4"},{"reference_url":"https://usn.ubuntu.com/USN-4836-1/","reference_id":"USN-USN-4836-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4836-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385309?format=json","purl":"pkg:composer/symfony/symfony@3.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/385310?format=json","purl":"pkg:composer/symfony/symfony@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7"}],"aliases":["CVE-2018-11407","GHSA-35c5-28pg-2qg4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39fv-3va8-5fed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173331?format=json","vulnerability_id":"VCID-3x8r-7w2f-jfbd","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39693","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39888","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39864","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380364?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380365?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380366?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/610467?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380367?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/610479?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380368?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-mmwy-6jga-u7fb"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175226?format=json","vulnerability_id":"VCID-3xr5-h38c-9fc2","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93926","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93931","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb"},{"reference_url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b"},{"reference_url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910"},{"reference_url":"https://symfony.com/cve-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10910"},{"reference_url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid","reference_id":"CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2","reference_id":"GHSA-pgwj-prpq-jpc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15749?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/15741?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15736?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10910","GHSA-pgwj-prpq-jpc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xr5-h38c-9fc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208258?format=json","vulnerability_id":"VCID-48cj-cbs6-83d7","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.57059","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56925","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.57045","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21424"},{"reference_url":"https://symfony.com/cve-2021-21424","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-21424"},{"reference_url":"https://github.com/advisories/GHSA-5pv8-ppvj-4h68","reference_id":"GHSA-5pv8-ppvj-4h68","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5pv8-ppvj-4h68"},{"reference_url":"https://usn.ubuntu.com/USN-5290-1/","reference_id":"USN-USN-5290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/503008?format=json","purl":"pkg:composer/symfony/symfony@3.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.48"},{"url":"http://public2.vulnerablecode.io/api/packages/383566?format=json","purl":"pkg:composer/symfony/symfony@3.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.49"},{"url":"http://public2.vulnerablecode.io/api/packages/503024?format=json","purl":"pkg:composer/symfony/symfony@4.4.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.23"},{"url":"http://public2.vulnerablecode.io/api/packages/383567?format=json","purl":"pkg:composer/symfony/symfony@4.4.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.24"},{"url":"http://public2.vulnerablecode.io/api/packages/383693?format=json","purl":"pkg:composer/symfony/symfony@5.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dqes-1qfp-e7ds"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/383568?format=json","purl":"pkg:composer/symfony/symfony@5.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dqes-1qfp-e7ds"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.9"}],"aliases":["CVE-2021-21424","GHSA-5pv8-ppvj-4h68"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48cj-cbs6-83d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124318?format=json","vulnerability_id":"VCID-532e-g8g2-m3am","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78314","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78382","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78396","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://github.com/advisories/GHSA-r2rq-3h56-fqm4","reference_id":"GHSA-r2rq-3h56-fqm4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r2rq-3h56-fqm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-532e-g8g2-m3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56765?format=json","vulnerability_id":"VCID-6aj5-vhfg-qkgk","summary":"symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60852","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60842","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60737","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"url.spec.whatwg.org","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42011?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/42005?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41548?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/42008?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/756496?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35253?format=json","vulnerability_id":"VCID-6byh-zvqa-qucx","summary":"Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74255","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74268","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74181","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42011?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/42005?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/41548?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/42008?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-171u-rrtu-h7by"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/756496?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177858?format=json","vulnerability_id":"VCID-6re2-zrsx-pbgz","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74768","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74697","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74781","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15838?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/15836?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15833?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6re2-zrsx-pbgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124309?format=json","vulnerability_id":"VCID-7hjf-a7c6-5ye2","summary":"security update","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44929","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45079","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.45093","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/24995","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24995"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16652"},{"reference_url":"https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://symfony.com/cve-2017-16652","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16652"},{"reference_url":"http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers","reference_id":"CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://github.com/advisories/GHSA-r7p7-qr7p-2rrf","reference_id":"GHSA-r7p7-qr7p-2rrf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7p7-qr7p-2rrf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22150?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/22147?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/390456?format=json","purl":"pkg:composer/symfony/symfony@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/390457?format=json","purl":"pkg:composer/symfony/symfony@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5"}],"aliases":["CVE-2017-16652","GHSA-r7p7-qr7p-2rrf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hjf-a7c6-5ye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56926?format=json","vulnerability_id":"VCID-8trz-ymga-uqdb","summary":"symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48138","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48292","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48275","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372866?format=json","purl":"pkg:composer/symfony/symfony@5.4.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/372867?format=json","purl":"pkg:composer/symfony/symfony@6.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/372868?format=json","purl":"pkg:composer/symfony/symfony@7.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8trz-ymga-uqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175222?format=json","vulnerability_id":"VCID-bhuc-44kp-3fgx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95096","published_at":"2026-06-13T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95079","published_at":"2026-06-11T12:55:00Z"},{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95094","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21038?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/21034?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/21037?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/21029?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173502?format=json","vulnerability_id":"VCID-dnwt-puv7-mbgm","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07343","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07336","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07301","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"076fd2088ada33d760758d98ff07ddedbf567946","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.yaml","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"msg00014.html","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380364?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/468233?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380365?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380366?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/610467?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380367?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/610479?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/380368?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-mmwy-6jga-u7fb"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124315?format=json","vulnerability_id":"VCID-dr7w-qh7g-2qgt","summary":"security update","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72194","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72277","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72289","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16790.yaml"},{"reference_url":"https://github.com/symfony/form","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/form"},{"reference_url":"https://github.com/symfony/symfony/pull/24993","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24993"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16790"},{"reference_url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"},{"reference_url":"https://symfony.com/cve-2017-16790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16790"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files","reference_id":"CVE-2017-16790-ENSURE-THAT-SUBMITTED-DATA-ARE-UPLOADED-FILES","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files"},{"reference_url":"https://github.com/advisories/GHSA-cqqh-94r6-wjrg","reference_id":"GHSA-cqqh-94r6-wjrg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cqqh-94r6-wjrg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22150?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/22147?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/390456?format=json","purl":"pkg:composer/symfony/symfony@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/390457?format=json","purl":"pkg:composer/symfony/symfony@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5"}],"aliases":["CVE-2017-16790","GHSA-cqqh-94r6-wjrg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dr7w-qh7g-2qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175224?format=json","vulnerability_id":"VCID-dyqe-h5ha-pbc6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63943","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.64045","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.64059","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19790"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http"},{"reference_url":"https://symfony.com/cve-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-19790"},{"reference_url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"http://www.securityfocus.com/bid/106249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106249"},{"reference_url":"https://github.com/advisories/GHSA-89r2-5g34-2g47","reference_id":"GHSA-89r2-5g34-2g47","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89r2-5g34-2g47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386000?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/386001?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/386002?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/386003?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19790","GHSA-89r2-5g34-2g47"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyqe-h5ha-pbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175228?format=json","vulnerability_id":"VCID-hrpp-29gt-1kap","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78612","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78695","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78678","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912"},{"reference_url":"https://symfony.com/cve-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10912"},{"reference_url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized","reference_id":"CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3","reference_id":"GHSA-w2fr-65vp-mxw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15749?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/15741?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15736?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10912","GHSA-w2fr-65vp-mxw3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrpp-29gt-1kap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124313?format=json","vulnerability_id":"VCID-jcpm-ugf9-qygf","summary":"security update","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68172","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6826","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68273","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/intl/CVE-2017-16654.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16654.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/24994","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24994"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16654"},{"reference_url":"https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"},{"reference_url":"https://symfony.com/cve-2017-16654","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16654"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths","reference_id":"CVE-2017-16654-INTL-BUNDLE-READERS-BREAKING-OUT-OF-PATHS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"},{"reference_url":"https://github.com/advisories/GHSA-c49r-8gj6-768r","reference_id":"GHSA-c49r-8gj6-768r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c49r-8gj6-768r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22150?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/22147?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/390456?format=json","purl":"pkg:composer/symfony/symfony@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/390457?format=json","purl":"pkg:composer/symfony/symfony@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0-BETA5"}],"aliases":["CVE-2017-16654","GHSA-c49r-8gj6-768r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcpm-ugf9-qygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124320?format=json","vulnerability_id":"VCID-k6d1-hvtf-kfbv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40011","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.4018","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40203","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://github.com/advisories/GHSA-g4g7-q726-v5hg","reference_id":"GHSA-g4g7-q726-v5hg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4g7-q726-v5hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6d1-hvtf-kfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163815?format=json","vulnerability_id":"VCID-k8q8-sb46-5qbw","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38749","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38772","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38576","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"f0ffb775febdf07e57117aabadac96fa37857f50","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392134?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/392135?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/392136?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-upms-wc51-gkhg"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8q8-sb46-5qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205039?format=json","vulnerability_id":"VCID-pdsg-euaa-jkbk","summary":"The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6662","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66713","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66726","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390453?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/390580?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdsg-euaa-jkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177860?format=json","vulnerability_id":"VCID-rp8k-1gkg-syfa","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85169","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85117","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85178","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15838?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/15836?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15833?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp8k-1gkg-syfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204313?format=json","vulnerability_id":"VCID-sqhp-d28s-hbgb","summary":"Symfony Unsafe Cache Serialization Could Enable RCE","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889","reference_id":"","reference_type":"","scores":[{"value":"0.05134","scoring_system":"epss","scoring_elements":"0.90109","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05134","scoring_system":"epss","scoring_elements":"0.90078","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05134","scoring_system":"epss","scoring_elements":"0.90117","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18889"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18889"},{"reference_url":"https://symfony.com/cve-2019-18889","reference_id":"CVE-2019-18889","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18889"},{"reference_url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances","reference_id":"CVE-2019-18889-FORBID-SERIALIZING-ABSTRACTADAPTER-AND-TAGAWAREADAPTER-INSTANCES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml","reference_id":"CVE-2019-18889.YAML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18889.yaml"},{"reference_url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3","reference_id":"GHSA-79gr-58r3-pwm3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79gr-58r3-pwm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21033?format=json","purl":"pkg:composer/symfony/symfony@3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/15838?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/15836?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15833?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-kkdk-k66f-hqcr"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18889","GHSA-79gr-58r3-pwm3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqhp-d28s-hbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175227?format=json","vulnerability_id":"VCID-t9v8-mwys-pba3","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.51071","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50938","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.51085","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911"},{"reference_url":"https://symfony.com/cve-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10911"},{"reference_url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash","reference_id":"CVE-2019-10911-ADD-A-SEPARATOR-IN-THE-REMEMBER-ME-COOKIE-HASH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr","reference_id":"GHSA-cchx-mfrc-fwqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15749?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/15741?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15736?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10911","GHSA-cchx-mfrc-fwqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9v8-mwys-pba3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205846?format=json","vulnerability_id":"VCID-tzdw-gzb2-kbd7","summary":"The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.  NOTE: this issue exists because of an incomplete fix for CVE-2017-16652.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.5433","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54457","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54472","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11408"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11408.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b20e83562e32c56f8d9b8296ab07b0e4c0a54db8"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11408"},{"reference_url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers"},{"reference_url":"https://symfony.com/cve-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11408"},{"reference_url":"https://github.com/advisories/GHSA-7hwc-2cq4-6x2w","reference_id":"GHSA-7hwc-2cq4-6x2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hwc-2cq4-6x2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11408","GHSA-7hwc-2cq4-6x2w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzdw-gzb2-kbd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175225?format=json","vulnerability_id":"VCID-vc7s-6p62-bfaw","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58295","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58182","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58311","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/15749?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/15741?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/15736?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-c6xj-n2un-kkfz"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-qw3t-3tjv-7qdy"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-uys7-kpcx-f3ec"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124311?format=json","vulnerability_id":"VCID-xvfe-m9hv-7yfh","summary":"security update","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.56053","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55933","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.56068","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-16653"},{"reference_url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https","reference_id":"CVE-2017-16653-CSRF-PROTECTION-DOES-NOT-USE-DIFFERENT-TOKENS-FOR-HTTP-AND-HTTPS","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq","reference_id":"GHSA-92x6-h2gr-8gxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22150?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/22147?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/15740?format=json","purl":"pkg:composer/symfony/symfony@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0"}],"aliases":["CVE-2017-16653","GHSA-92x6-h2gr-8gxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvfe-m9hv-7yfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124317?format=json","vulnerability_id":"VCID-yf6v-q6j4-eubb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76167","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76238","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76252","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://github.com/advisories/GHSA-g4rg-rw65-8hfg","reference_id":"GHSA-g4rg-rw65-8hfg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4rg-rw65-8hfg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385063?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/385064?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/385065?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yf6v-q6j4-eubb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82620?format=json","vulnerability_id":"VCID-yz7h-r417-zuds","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01641","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01635","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01639","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"35203939050e5abd3caf2202113b00cab5d379b3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"62921","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"63164","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"CVE-2026-24739","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38351?format=json","purl":"pkg:composer/symfony/symfony@5.4.51","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/38355?format=json","purl":"pkg:composer/symfony/symfony@6.4.33","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33"},{"url":"http://public2.vulnerablecode.io/api/packages/41548?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/38358?format=json","purl":"pkg:composer/symfony/symfony@7.3.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11"},{"url":"http://public2.vulnerablecode.io/api/packages/878667?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/38344?format=json","purl":"pkg:composer/symfony/symfony@7.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/41539?format=json","purl":"pkg:composer/symfony/symfony@8.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/38361?format=json","purl":"pkg:composer/symfony/symfony@8.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90445?format=json","vulnerability_id":"VCID-zws9-ffpd-5ffw","summary":"Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500","reference_id":"","reference_type":"","scores":[{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91193","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91154","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06307","scoring_system":"epss","scoring_elements":"0.91185","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac","reference_id":"9962b91b12bb791322fa73836b350836b6db7cac","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500","reference_id":"CVE-2025-64500","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64500"},{"reference_url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_id":"cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.yaml","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml","reference_id":"CVE-2025-64500.yaml","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3rg7-wf37-54rm"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm","reference_id":"GHSA-3rg7-wf37-54rm","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35124?format=json","purl":"pkg:composer/symfony/symfony@5.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yz7h-r417-zuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/41542?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/35136?format=json","purl":"pkg:composer/symfony/symfony@6.4.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yz7h-r417-zuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29"},{"url":"http://public2.vulnerablecode.io/api/packages/41548?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v6ps-emz1-dyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/35134?format=json","purl":"pkg:composer/symfony/symfony@7.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yz7h-r417-zuds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/878667?format=json","purl":"pkg:composer/symfony/symfony@7.4.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1"}],"aliases":["CVE-2025-64500","GHSA-3rg7-wf37-54rm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219122?format=json","vulnerability_id":"VCID-qwpt-wwq8-9bc2","summary":"Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5827","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58382","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58398","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f"},{"reference_url":"https://github.com/symfony/symfony/pull/23507","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/23507"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365"},{"reference_url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue"},{"reference_url":"https://symfony.com/cve-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-11365"},{"reference_url":"https://github.com/advisories/GHSA-q87v-q8fw-gmj5","reference_id":"GHSA-q87v-q8fw-gmj5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q87v-q8fw-gmj5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385919?format=json","purl":"pkg:composer/symfony/symfony@2.7.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.32"},{"url":"http://public2.vulnerablecode.io/api/packages/385920?format=json","purl":"pkg:composer/symfony/symfony@2.8.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.25"},{"url":"http://public2.vulnerablecode.io/api/packages/385921?format=json","purl":"pkg:composer/symfony/symfony@3.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/385922?format=json","purl":"pkg:composer/symfony/symfony@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14u2-1zfk-rfgg"},{"vulnerability":"VCID-277x-pbyn-v7em"},{"vulnerability":"VCID-2vph-t5gn-xbfa"},{"vulnerability":"VCID-39fv-3va8-5fed"},{"vulnerability":"VCID-3x8r-7w2f-jfbd"},{"vulnerability":"VCID-3xr5-h38c-9fc2"},{"vulnerability":"VCID-48cj-cbs6-83d7"},{"vulnerability":"VCID-532e-g8g2-m3am"},{"vulnerability":"VCID-6aj5-vhfg-qkgk"},{"vulnerability":"VCID-6byh-zvqa-qucx"},{"vulnerability":"VCID-6re2-zrsx-pbgz"},{"vulnerability":"VCID-7hjf-a7c6-5ye2"},{"vulnerability":"VCID-8trz-ymga-uqdb"},{"vulnerability":"VCID-bhuc-44kp-3fgx"},{"vulnerability":"VCID-dnwt-puv7-mbgm"},{"vulnerability":"VCID-dr7w-qh7g-2qgt"},{"vulnerability":"VCID-dyqe-h5ha-pbc6"},{"vulnerability":"VCID-hrpp-29gt-1kap"},{"vulnerability":"VCID-jcpm-ugf9-qygf"},{"vulnerability":"VCID-k6d1-hvtf-kfbv"},{"vulnerability":"VCID-k8q8-sb46-5qbw"},{"vulnerability":"VCID-n17z-j2b9-fub1"},{"vulnerability":"VCID-pdsg-euaa-jkbk"},{"vulnerability":"VCID-rp8k-1gkg-syfa"},{"vulnerability":"VCID-sqhp-d28s-hbgb"},{"vulnerability":"VCID-t9v8-mwys-pba3"},{"vulnerability":"VCID-tzdw-gzb2-kbd7"},{"vulnerability":"VCID-vc7s-6p62-bfaw"},{"vulnerability":"VCID-xvfe-m9hv-7yfh"},{"vulnerability":"VCID-yf6v-q6j4-eubb"},{"vulnerability":"VCID-yz7h-r417-zuds"},{"vulnerability":"VCID-zws9-ffpd-5ffw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.5"}],"aliases":["CVE-2017-11365","GHSA-q87v-q8fw-gmj5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwpt-wwq8-9bc2"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.12"}