Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/symfony@5.4.46

Type composer

Namespace symfony

Name symfony

Version 5.4.46

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.4.51

Latest_non_vulnerable_version 8.0.12

Affected_by_vulnerabilities

url VCID-171u-rrtu-h7by

vulnerability_id VCID-171u-rrtu-h7by

summary SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-47767

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26547
published_at	2026-06-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26549
published_at	2026-06-14T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26562
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-47767

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/advisories/GHSA-fqc7-9xjw-jrh3

reference_id

GHSA-fqc7-9xjw-jrh3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fqc7-9xjw-jrh3

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-fqc7-9xjw-jrh3

reference_id

GHSA-fqc7-9xjw-jrh3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/security/advisories/GHSA-fqc7-9xjw-jrh3

fixed_packages

url	pkg:composer/symfony/symfony@5.4.52
purl	pkg:composer/symfony/symfony@5.4.52
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.52

url	pkg:composer/symfony/symfony@6.4.40
purl	pkg:composer/symfony/symfony@6.4.40
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.40

url	pkg:composer/symfony/symfony@7.4.12
purl	pkg:composer/symfony/symfony@7.4.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.12

url	pkg:composer/symfony/symfony@8.0.12
purl	pkg:composer/symfony/symfony@8.0.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.12

aliases CVE-2026-47767, GHSA-fqc7-9xjw-jrh3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-171u-rrtu-h7by

url VCID-yz7h-r417-zuds

vulnerability_id VCID-yz7h-r417-zuds

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mis-handle unquoted arguments containing these characters. This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended. If an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive. The issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration). Versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5 contains a patch for the issue. Some workarounds are available. Avoid running PHP/one's own tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables. Avoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2. Where applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24739

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01649
published_at	2026-06-14T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01635
published_at	2026-06-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01639
published_at	2026-06-12T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01641
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24739

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3

reference_id

35203939050e5abd3caf2202113b00cab5d379b3

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3

reference_url

https://github.com/symfony/symfony/issues/62921

reference_id

62921

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/issues/62921

reference_url

https://github.com/symfony/symfony/pull/63164

reference_id

63164

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/pull/63164

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-24739

reference_id

CVE-2026-24739

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-24739

reference_url

https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_id

ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b

reference_url

https://github.com/advisories/GHSA-r39x-jcww-82v6

reference_id

GHSA-r39x-jcww-82v6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r39x-jcww-82v6

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6

reference_id

GHSA-r39x-jcww-82v6

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6

fixed_packages

url	pkg:composer/symfony/symfony@5.4.51
purl	pkg:composer/symfony/symfony@5.4.51
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url	pkg:composer/symfony/symfony@6.4.33
purl	pkg:composer/symfony/symfony@6.4.33
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url	pkg:composer/symfony/symfony@7.3.11
purl	pkg:composer/symfony/symfony@7.3.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11

url	pkg:composer/symfony/symfony@7.4.0-BETA1
purl	pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1

url	pkg:composer/symfony/symfony@7.4.5
purl	pkg:composer/symfony/symfony@7.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5

url pkg:composer/symfony/symfony@8.0.0-BETA1

purl pkg:composer/symfony/symfony@8.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1

url	pkg:composer/symfony/symfony@8.0.5
purl	pkg:composer/symfony/symfony@8.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5

aliases CVE-2026-24739, GHSA-r39x-jcww-82v6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7h-r417-zuds

url VCID-zws9-ffpd-5ffw

vulnerability_id VCID-zws9-ffpd-5ffw

summary Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption. Starting in versions 5.4.50, 6.4.29, and 7.3.7, the `Request` class now ensures that URL paths always start with a `/`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64500

reference_id

reference_type

scores

value	0.06307
scoring_system	epss
scoring_elements	0.91191
published_at	2026-06-14T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91154
published_at	2026-06-11T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91185
published_at	2026-06-12T12:55:00Z

value	0.06307
scoring_system	epss
scoring_elements	0.91193
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac

reference_id

9962b91b12bb791322fa73836b350836b6db7cac

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64500

reference_id

CVE-2025-64500

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64500

reference_url

https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_id

cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml

reference_id

CVE-2025-64500.yaml

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml

reference_id

CVE-2025-64500.yaml

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml

reference_url

https://github.com/advisories/GHSA-3rg7-wf37-54rm

reference_id

GHSA-3rg7-wf37-54rm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3rg7-wf37-54rm

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm

reference_id

GHSA-3rg7-wf37-54rm

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm

fixed_packages

url pkg:composer/symfony/symfony@5.4.50

purl pkg:composer/symfony/symfony@5.4.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.29

purl pkg:composer/symfony/symfony@6.4.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.3.7

purl pkg:composer/symfony/symfony@7.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yz7h-r417-zuds

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7

url	pkg:composer/symfony/symfony@7.4.0-BETA1
purl	pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1

aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zws9-ffpd-5ffw

Fixing_vulnerabilities

url VCID-6aj5-vhfg-qkgk

vulnerability_id VCID-6aj5-vhfg-qkgk

summary symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50345

reference_id

reference_type

scores

value	0.00394
scoring_system	epss
scoring_elements	0.60842
published_at	2026-06-12T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60846
published_at	2026-06-14T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60852
published_at	2026-06-13T12:55:00Z

value	0.00394
scoring_system	epss
scoring_elements	0.60737
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819

reference_url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50345

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50345

reference_url

https://symfony.com/cve-2024-50345

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50345

reference_url

https://github.com/advisories/GHSA-mrqx-rp3w-jpjp

reference_id

GHSA-mrqx-rp3w-jpjp

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mrqx-rp3w-jpjp

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp

reference_id

GHSA-mrqx-rp3w-jpjp

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp

reference_url

https://url.spec.whatwg.org

reference_id

url.spec.whatwg.org

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/

url

https://url.spec.whatwg.org

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6aj5-vhfg-qkgk

url VCID-6byh-zvqa-qucx

vulnerability_id VCID-6byh-zvqa-qucx

summary Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-51736

reference_id

reference_type

scores

value	0.00783
scoring_system	epss
scoring_elements	0.74266
published_at	2026-06-14T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74181
published_at	2026-06-11T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74268
published_at	2026-06-13T12:55:00Z

value	0.00783
scoring_system	epss
scoring_elements	0.74255
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-51736

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-51736

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-51736

reference_url

https://symfony.com/cve-2024-51736

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-51736

reference_url

https://github.com/advisories/GHSA-qq5c-677p-737q

reference_id

GHSA-qq5c-677p-737q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qq5c-677p-737q

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q

reference_id

GHSA-qq5c-677p-737q

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-51736, GHSA-qq5c-677p-737q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6byh-zvqa-qucx

url VCID-upms-wc51-gkhg

vulnerability_id VCID-upms-wc51-gkhg

summary symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-50340

reference_id

reference_type

scores

value	0.86622
scoring_system	epss
scoring_elements	0.99443
published_at	2026-06-14T12:55:00Z

value	0.86622
scoring_system	epss
scoring_elements	0.99442
published_at	2026-06-12T12:55:00Z

value	0.86622
scoring_system	epss
scoring_elements	0.9944
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-50340

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-50340

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-50340

reference_url

https://symfony.com/cve-2024-50340

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2024-50340

reference_url

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_id

a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/

url

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

reference_url

https://github.com/advisories/GHSA-x8vp-gf4q-mw5j

reference_id

GHSA-x8vp-gf4q-mw5j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x8vp-gf4q-mw5j

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

reference_id

GHSA-x8vp-gf4q-mw5j

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/symfony@5.4.46

purl pkg:composer/symfony/symfony@5.4.46

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

url pkg:composer/symfony/symfony@6.0.0-BETA1

purl pkg:composer/symfony/symfony@6.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1

url pkg:composer/symfony/symfony@6.4.14

purl pkg:composer/symfony/symfony@6.4.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-yz7h-r417-zuds

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14

url pkg:composer/symfony/symfony@7.0.0-BETA1

purl pkg:composer/symfony/symfony@7.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v6ps-emz1-dyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1

url pkg:composer/symfony/symfony@7.1.7

purl pkg:composer/symfony/symfony@7.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-171u-rrtu-h7by

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7

url pkg:composer/symfony/symfony@7.2.0-BETA1

purl pkg:composer/symfony/symfony@7.2.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zws9-ffpd-5ffw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1

aliases CVE-2024-50340, GHSA-x8vp-gf4q-mw5j

risk_score 10.0

exploitability 2.0

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-upms-wc51-gkhg

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46

Package Instance