| 0 |
| url |
VCID-14u2-1zfk-rfgg |
| vulnerability_id |
VCID-14u2-1zfk-rfgg |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 20 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19789, GHSA-x3cf-w64x-4cp2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-14u2-1zfk-rfgg |
|
| 1 |
| url |
VCID-277x-pbyn-v7em |
| vulnerability_id |
VCID-277x-pbyn-v7em |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10913, GHSA-x92h-wmg2-6hp7
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-277x-pbyn-v7em |
|
| 2 |
| url |
VCID-2vph-t5gn-xbfa |
| vulnerability_id |
VCID-2vph-t5gn-xbfa |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-46734, GHSA-q847-2q57-wmr3
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2vph-t5gn-xbfa |
|
| 3 |
| url |
VCID-3x8r-7w2f-jfbd |
| vulnerability_id |
VCID-3x8r-7w2f-jfbd |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3x8r-7w2f-jfbd |
|
| 4 |
| url |
VCID-3xr5-h38c-9fc2 |
| vulnerability_id |
VCID-3xr5-h38c-9fc2 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10910, GHSA-pgwj-prpq-jpc2
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3xr5-h38c-9fc2 |
|
| 5 |
| url |
VCID-48cj-cbs6-83d7 |
| vulnerability_id |
VCID-48cj-cbs6-83d7 |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-21424, GHSA-5pv8-ppvj-4h68
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-48cj-cbs6-83d7 |
|
| 6 |
| url |
VCID-6aj5-vhfg-qkgk |
| vulnerability_id |
VCID-6aj5-vhfg-qkgk |
| summary |
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://symfony.com/cve-2024-50345 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50345 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://url.spec.whatwg.org |
| reference_id |
url.spec.whatwg.org |
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/ |
|
|
| url |
https://url.spec.whatwg.org |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk |
|
| 7 |
| url |
VCID-6byh-zvqa-qucx |
| vulnerability_id |
VCID-6byh-zvqa-qucx |
| summary |
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://symfony.com/cve-2024-51736 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-51736 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-51736, GHSA-qq5c-677p-737q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx |
|
| 8 |
|
| 9 |
| url |
VCID-8trz-ymga-uqdb |
| vulnerability_id |
VCID-8trz-ymga-uqdb |
| summary |
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/symfony/symfony |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/symfony/symfony |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://symfony.com/cve-2024-50343 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://symfony.com/cve-2024-50343 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8trz-ymga-uqdb |
|
| 10 |
| url |
VCID-bhuc-44kp-3fgx |
| vulnerability_id |
VCID-bhuc-44kp-3fgx |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 11 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 12 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 13 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 14 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 15 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 16 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 17 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 18 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 21 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14773, GHSA-8wgj-6wx8-h5hq
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bhuc-44kp-3fgx |
|
| 11 |
|
| 12 |
| url |
VCID-dnwt-puv7-mbgm |
| vulnerability_id |
VCID-dnwt-puv7-mbgm |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dnwt-puv7-mbgm |
|
| 13 |
| url |
VCID-dyqe-h5ha-pbc6 |
| vulnerability_id |
VCID-dyqe-h5ha-pbc6 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.9 |
| purl |
pkg:composer/symfony/symfony@4.1.9 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 18 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 19 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.1 |
| purl |
pkg:composer/symfony/symfony@4.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 4 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 5 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 6 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 7 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 8 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 9 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 10 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 11 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 12 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 13 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 14 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 15 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 16 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 17 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 18 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 19 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 20 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1 |
|
|
| aliases |
CVE-2018-19790, GHSA-89r2-5g34-2g47
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dyqe-h5ha-pbc6 |
|
| 14 |
| url |
VCID-hrpp-29gt-1kap |
| vulnerability_id |
VCID-hrpp-29gt-1kap |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
|
| 54 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10912, GHSA-w2fr-65vp-mxw3
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hrpp-29gt-1kap |
|
| 15 |
| url |
VCID-k8q8-sb46-5qbw |
| vulnerability_id |
VCID-k8q8-sb46-5qbw |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2022-23601, GHSA-vvmr-8829-6whx
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k8q8-sb46-5qbw |
|
| 16 |
| url |
VCID-n17z-j2b9-fub1 |
| vulnerability_id |
VCID-n17z-j2b9-fub1 |
| summary |
An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.3 |
| purl |
pkg:composer/symfony/symfony@4.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-14u2-1zfk-rfgg |
|
| 1 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 2 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 3 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 4 |
| vulnerability |
VCID-3xr5-h38c-9fc2 |
|
| 5 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 6 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 7 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 8 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 9 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 10 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 11 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 12 |
| vulnerability |
VCID-dyqe-h5ha-pbc6 |
|
| 13 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 14 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 15 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 16 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 17 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 18 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 19 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 20 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 21 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3 |
|
|
| aliases |
CVE-2018-14774, GHSA-66p6-7p29-55p9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n17z-j2b9-fub1 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| url |
VCID-t9v8-mwys-pba3 |
| vulnerability_id |
VCID-t9v8-mwys-pba3 |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10911, GHSA-cchx-mfrc-fwqr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9v8-mwys-pba3 |
|
| 21 |
| url |
VCID-vc7s-6p62-bfaw |
| vulnerability_id |
VCID-vc7s-6p62-bfaw |
| summary |
security update |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/symfony/symfony@4.1.12 |
| purl |
pkg:composer/symfony/symfony@4.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-277x-pbyn-v7em |
|
| 1 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 2 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 3 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 4 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 5 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 6 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 7 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 8 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 9 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 10 |
| vulnerability |
VCID-hrpp-29gt-1kap |
|
| 11 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 12 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 13 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 14 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 15 |
| vulnerability |
VCID-t9v8-mwys-pba3 |
|
| 16 |
| vulnerability |
VCID-vc7s-6p62-bfaw |
|
| 17 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 18 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12 |
|
| 1 |
| url |
pkg:composer/symfony/symfony@4.2.7 |
| purl |
pkg:composer/symfony/symfony@4.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2vph-t5gn-xbfa |
|
| 1 |
| vulnerability |
VCID-3x8r-7w2f-jfbd |
|
| 2 |
| vulnerability |
VCID-48cj-cbs6-83d7 |
|
| 3 |
| vulnerability |
VCID-6aj5-vhfg-qkgk |
|
| 4 |
| vulnerability |
VCID-6byh-zvqa-qucx |
|
| 5 |
| vulnerability |
VCID-6re2-zrsx-pbgz |
|
| 6 |
| vulnerability |
VCID-8trz-ymga-uqdb |
|
| 7 |
| vulnerability |
VCID-c6xj-n2un-kkfz |
|
| 8 |
| vulnerability |
VCID-dnwt-puv7-mbgm |
|
| 9 |
| vulnerability |
VCID-k8q8-sb46-5qbw |
|
| 10 |
| vulnerability |
VCID-qw3t-3tjv-7qdy |
|
| 11 |
| vulnerability |
VCID-rp8k-1gkg-syfa |
|
| 12 |
| vulnerability |
VCID-sqhp-d28s-hbgb |
|
| 13 |
| vulnerability |
VCID-uys7-kpcx-f3ec |
|
| 14 |
| vulnerability |
VCID-yz7h-r417-zuds |
|
| 15 |
| vulnerability |
VCID-zws9-ffpd-5ffw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7 |
|
|
| aliases |
CVE-2019-10909, GHSA-g996-q5r8-w7g2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vc7s-6p62-bfaw |
|
| 22 |
| url |
VCID-yz7h-r417-zuds |
| vulnerability_id |
VCID-yz7h-r417-zuds |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-24739, GHSA-r39x-jcww-82v6
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds |
|
| 23 |
| url |
VCID-zws9-ffpd-5ffw |
| vulnerability_id |
VCID-zws9-ffpd-5ffw |
| summary |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-64500, GHSA-3rg7-wf37-54rm
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw |
|