{"url":"http://public2.vulnerablecode.io/api/packages/50219?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.0","type":"composer","namespace":"symfony","name":"http-foundation","version":"2.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.52","latest_non_vulnerable_version":"7.3.7","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10325?format=json","vulnerability_id":"VCID-4x2d-4vu2-y7h6","summary":"Routes behind a firewall are accessible even when not logged in\nSymfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44618","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6431"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496"},{"reference_url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6431"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"},{"reference_url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50221?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19"}],"aliases":["CVE-2012-6431","GHSA-83c3-qx27-2rwr"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x2d-4vu2-y7h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10560?format=json","vulnerability_id":"VCID-hkeu-kzf7-67e6","summary":"Improper Authorization\nSecurity issue when parsing the Authorization header.","references":[{"reference_url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3b4046e89467dc1fb5e079e377c2cfd4c239f904"},{"reference_url":"https://github.com/symfony/symfony/pull/11829","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11829"},{"reference_url":"https://symfony.com/cve-2014-6061","reference_id":"CVE-2014-6061","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-6061"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml","reference_id":"CVE-2014-6061.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml","reference_id":"CVE-2014-6061.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-6061.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829","reference_id":"GHSA-h7v2-2qwg-h829","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7v2-2qwg-h829"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81559?format=json","purl":"pkg:composer/symfony/http-foundation@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/50873?format=json","purl":"pkg:composer/symfony/http-foundation@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/90472?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/50874?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51163?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11"}],"aliases":["CVE-2014-6061","GHSA-h7v2-2qwg-h829"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkeu-kzf7-67e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12690?format=json","vulnerability_id":"VCID-kx25-m1mp-zfay","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115746?format=json","purl":"pkg:composer/symfony/http-foundation@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/54842?format=json","purl":"pkg:composer/symfony/http-foundation@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/115847?format=json","purl":"pkg:composer/symfony/http-foundation@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54843?format=json","purl":"pkg:composer/symfony/http-foundation@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54844?format=json","purl":"pkg:composer/symfony/http-foundation@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142076?format=json","vulnerability_id":"VCID-mbd5-rsax-jya9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85034","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74430?format=json","purl":"pkg:composer/symfony/http-foundation@2.8.52","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/74428?format=json","purl":"pkg:composer/symfony/http-foundation@3.4.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74429?format=json","purl":"pkg:composer/symfony/http-foundation@4.2.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74434?format=json","purl":"pkg:composer/symfony/http-foundation@4.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10407?format=json","vulnerability_id":"VCID-mczp-th6d-wbfr","summary":"Information Exporure\n`Request::getHost()` poisoning vulnerability in Symfony.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114450.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114461.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76411","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4752"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86365"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86366"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86367"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86368"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86369"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86370"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86371"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86372"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86373"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86374"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20130901060826/http://www.securityfocus.com/bid/61715"},{"reference_url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752","reference_id":"CVE-2013-4752","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4752"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml","reference_id":"CVE-2013-4752.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml","reference_id":"CVE-2013-4752.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-4752.yaml"},{"reference_url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp","reference_id":"GHSA-22pv-7v9j-hqxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22pv-7v9j-hqxp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50452?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.24"},{"url":"http://public2.vulnerablecode.io/api/packages/50453?format=json","purl":"pkg:composer/symfony/http-foundation@2.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/50454?format=json","purl":"pkg:composer/symfony/http-foundation@2.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/50455?format=json","purl":"pkg:composer/symfony/http-foundation@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.3"}],"aliases":["CVE-2013-4752","GHSA-22pv-7v9j-hqxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mczp-th6d-wbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10318?format=json","vulnerability_id":"VCID-nrvb-8739-vkdf","summary":"Information Exposure\n`Request::getClientIp()` gives access to client IP when the trust proxy mode is enabled.","references":[{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50221?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/86036?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/50222?format=json","purl":"pkg:composer/symfony/http-foundation@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/86040?format=json","purl":"pkg:composer/symfony/http-foundation@2.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.5"}],"aliases":["GMS-2012-9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrvb-8739-vkdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10561?format=json","vulnerability_id":"VCID-ntme-svm1-5qd9","summary":"Uncontrolled Resource Consumption\nDenial of service with a malicious HTTP Host header.","references":[{"reference_url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8"},{"reference_url":"https://github.com/symfony/symfony/pull/11828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/11828"},{"reference_url":"https://symfony.com/cve-2014-5244","reference_id":"CVE-2014-5244","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2014-5244"},{"reference_url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header","reference_id":"CVE-2014-5244-DENIAL-OF-SERVICE-WITH-A-MALICIOUS-HTTP-HOST-HEADER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml","reference_id":"CVE-2014-5244.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml","reference_id":"CVE-2014-5244.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-5244.yaml"},{"reference_url":"https://github.com/advisories/GHSA-v77v-x634-9m56","reference_id":"GHSA-v77v-x634-9m56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v77v-x634-9m56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81559?format=json","purl":"pkg:composer/symfony/http-foundation@2.3.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.19"},{"url":"http://public2.vulnerablecode.io/api/packages/50873?format=json","purl":"pkg:composer/symfony/http-foundation@2.4.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/90472?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/50874?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/51163?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11"}],"aliases":["CVE-2014-5244","GHSA-v77v-x634-9m56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ntme-svm1-5qd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/340900?format=json","vulnerability_id":"VCID-qsdk-vs65-kfgv","summary":"Symfony2 security issue when the trust proxy mode is enabled","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/2012-11-29.yaml"},{"reference_url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/5cde5229fc71a19cef2a0a933a18e08e43252f34"},{"reference_url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/http-foundation/commit/795ac45c188ee2a729db4513e9dfd30b16a0ed35"},{"reference_url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/9ce892cf4395e73b136e9b5cd1fae9e91995c93b"},{"reference_url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e5536f0fe10421da7ebbe0071343e94d039dfb97"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4"},{"reference_url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww","reference_id":"GHSA-vfm6-r2gc-pwww","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vfm6-r2gc-pwww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50221?format=json","purl":"pkg:composer/symfony/http-foundation@2.0.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.19"},{"url":"http://public2.vulnerablecode.io/api/packages/50222?format=json","purl":"pkg:composer/symfony/http-foundation@2.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mczp-th6d-wbfr"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.1.4"}],"aliases":["GHSA-vfm6-r2gc-pwww"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsdk-vs65-kfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10653?format=json","vulnerability_id":"VCID-vnku-f414-dyh9","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"CVE-2015-2309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51162?format=json","purl":"pkg:composer/symfony/http-foundation@2.3.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.27"},{"url":"http://public2.vulnerablecode.io/api/packages/90459?format=json","purl":"pkg:composer/symfony/http-foundation@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hkeu-kzf7-67e6"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-ntme-svm1-5qd9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/51163?format=json","purl":"pkg:composer/symfony/http-foundation@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/51164?format=json","purl":"pkg:composer/symfony/http-foundation@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.6"},{"url":"http://public2.vulnerablecode.io/api/packages/92020?format=json","purl":"pkg:composer/symfony/http-foundation@2.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.6.8"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnku-f414-dyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6143?format=json","vulnerability_id":"VCID-yasp-usps-xkc3","summary":"access restriction bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95038","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76831?format=json","purl":"pkg:composer/symfony/http-foundation@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/55252?format=json","purl":"pkg:composer/symfony/http-foundation@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/76832?format=json","purl":"pkg:composer/symfony/http-foundation@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/55253?format=json","purl":"pkg:composer/symfony/http-foundation@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55254?format=json","purl":"pkg:composer/symfony/http-foundation@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55255?format=json","purl":"pkg:composer/symfony/http-foundation@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-mbd5-rsax-jya9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.0.0"}