{"url":"http://public2.vulnerablecode.io/api/packages/54808?format=json","purl":"pkg:composer/symfony/symfony@3.0.0","type":"composer","namespace":"symfony","name":"symfony","version":"3.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.0-BETA5","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13601?format=json","vulnerability_id":"VCID-59sy-m44r-h3gn","summary":"SQL Injection\nIn Symfony HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49262","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides","reference_id":"CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10913","GHSA-x92h-wmg2-6hp7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59sy-m44r-h3gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13603?format=json","vulnerability_id":"VCID-5txj-xsnq-ducf","summary":"Cross-site Scripting\nIn Symfony, validation messages are not escaped, which can lead to XSS when user input is included.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10909"},{"reference_url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/ab4d05358c3d0dd1a36fc8c306829f68e3dd84e2"},{"reference_url":"https://www.drupal.org/sa-core-2019-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/sa-core-2019-005"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10909"},{"reference_url":"https://symfony.com/cve-2019-10909","reference_id":"CVE-2019-10909","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10909"},{"reference_url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine","reference_id":"CVE-2019-10909-ESCAPE-VALIDATION-MESSAGES-IN-THE-PHP-TEMPLATING-ENGINE","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml","reference_id":"CVE-2019-10909.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10909.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2","reference_id":"GHSA-g996-q5r8-w7g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g996-q5r8-w7g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10909","GHSA-g996-q5r8-w7g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5txj-xsnq-ducf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12814?format=json","vulnerability_id":"VCID-6bdp-9ng3-uyb1","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66483","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54825?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/55117?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bdp-9ng3-uyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12688?format=json","vulnerability_id":"VCID-7cdk-bmdh-2fde","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3992","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cdk-bmdh-2fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12692?format=json","vulnerability_id":"VCID-8627-nvyk-w7fu","summary":"URL Redirection to Untrusted Site (Open Redirect)\nThe security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408","reference_id":"","reference_type":"","scores":[{"value":"0.00307","scoring_system":"epss","scoring_elements":"0.54181","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11408"},{"reference_url":"https://symfony.com/cve-2018-11408","reference_id":"CVE-2018-11408","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-11408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11408"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8627-nvyk-w7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13166?format=json","vulnerability_id":"VCID-a9gt-63v3-vbdf","summary":"Unrestricted Upload of File with Dangerous Type\nWhen using the scalar type hint `string` in a setter method (e.g. `setName(string$name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789","reference_id":"","reference_type":"","scores":[{"value":"0.00869","scoring_system":"epss","scoring_elements":"0.75497","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19789"},{"reference_url":"https://symfony.com/cve-2018-19789","reference_id":"CVE-2018-19789","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-19789"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56135?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/56136?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/56137?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/56138?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19789"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9gt-63v3-vbdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12862?format=json","vulnerability_id":"VCID-h377-gc9v-abep","summary":"Cross-Site Request Forgery (CSRF)\nThe current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55776","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://symfony.com/cve-2017-16653"},{"reference_url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https","reference_id":"CVE-2017-16653-CSRF-PROTECTION-DOES-NOT-USE-DIFFERENT-TOKENS-FOR-HTTP-AND-HTTPS","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml","reference_id":"CVE-2017-16653.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml"},{"reference_url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq","reference_id":"GHSA-92x6-h2gr-8gxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92x6-h2gr-8gxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54830?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/54831?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/54809?format=json","purl":"pkg:composer/symfony/symfony@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0"}],"aliases":["CVE-2017-16653","GHSA-92x6-h2gr-8gxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h377-gc9v-abep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12690?format=json","vulnerability_id":"VCID-kx25-m1mp-zfay","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13602?format=json","vulnerability_id":"VCID-m1y3-csp4-aqe4","summary":"Deserialization of Untrusted Data\nIn Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78513","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10912"},{"reference_url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-016/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10912"},{"reference_url":"https://symfony.com/cve-2019-10912","reference_id":"CVE-2019-10912","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10912"},{"reference_url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized","reference_id":"CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml","reference_id":"CVE-2019-10912.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml"},{"reference_url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3","reference_id":"GHSA-w2fr-65vp-mxw3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2fr-65vp-mxw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10912","GHSA-w2fr-65vp-mxw3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y3-csp4-aqe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142076?format=json","vulnerability_id":"VCID-mbd5-rsax-jya9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85034","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74426?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74424?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74421?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136976?format=json","vulnerability_id":"VCID-n1c7-yabu-jye7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910","reference_id":"","reference_type":"","scores":[{"value":"0.11901","scoring_system":"epss","scoring_elements":"0.93864","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10910"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/3876c75f858d5d82e2c309698d21af2f1d721afb"},{"reference_url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/4c80c3444854ef384df94deb4acbcef4b5e5243b"},{"reference_url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/d2fb5893923292a1da7985f0b56960b5bb10737b"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10910"},{"reference_url":"https://symfony.com/cve-2019-10910","reference_id":"CVE-2019-10910","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10910"},{"reference_url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid","reference_id":"CVE-2019-10910-CHECK-SERVICE-IDS-ARE-VALID","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/dependency-injection/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/proxy-manager-bridge/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml","reference_id":"CVE-2019-10910.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10910.yaml"},{"reference_url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2","reference_id":"GHSA-pgwj-prpq-jpc2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pgwj-prpq-jpc2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10910","GHSA-pgwj-prpq-jpc2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1c7-yabu-jye7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12686?format=json","vulnerability_id":"VCID-n4kq-nskp-1qar","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kq-nskp-1qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11277?format=json","vulnerability_id":"VCID-rq6s-h7p6-b3f1","summary":"Unauthorized access on a misconfigured LDAP server\nThere's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35788","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/symfony/symfony/pull/18736","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/18736"},{"reference_url":"https://symfony.com/cve-2016-2403","reference_id":"CVE-2016-2403","reference_type":"","scores":[],"url":"https://symfony.com/cve-2016-2403"},{"reference_url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","reference_id":"CVE-2016-2403-UNAUTHORIZED-ACCESS-ON-A-MISCONFIGURED-LDAP-SERVER-WHEN-USING-AN-EMPTY-PASSWORD","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51672?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-2403"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rq6s-h7p6-b3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12689?format=json","vulnerability_id":"VCID-tpgm-tx2g-4bh2","summary":"Improper Authentication\nAn issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407","reference_id":"","reference_type":"","scores":[{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33923","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11407"},{"reference_url":"https://symfony.com/cve-2018-11407","reference_id":"CVE-2018-11407","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-11407"},{"reference_url":"https://usn.ubuntu.com/USN-4836-1/","reference_id":"USN-USN-4836-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4836-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54838?format=json","purl":"pkg:composer/symfony/symfony@3.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54839?format=json","purl":"pkg:composer/symfony/symfony@4.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.7"}],"aliases":["CVE-2018-11407"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpgm-tx2g-4bh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13167?format=json","vulnerability_id":"VCID-w8s1-z3hu-8beh","summary":"URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.638","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19790"},{"reference_url":"https://symfony.com/cve-2018-19790","reference_id":"CVE-2018-19790","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-19790"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56135?format=json","purl":"pkg:composer/symfony/symfony@3.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/56136?format=json","purl":"pkg:composer/symfony/symfony@4.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/56137?format=json","purl":"pkg:composer/symfony/symfony@4.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/56138?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19790"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8s1-z3hu-8beh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142075?format=json","vulnerability_id":"VCID-wnu2-cmrt-bkhr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74426?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74424?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74421?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnu2-cmrt-bkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6143?format=json","vulnerability_id":"VCID-yasp-usps-xkc3","summary":"access restriction bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95038","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55268?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/55258?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55259?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55260?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13608?format=json","vulnerability_id":"VCID-zmrn-3fbj-gqcm","summary":"Improper Authentication\nIn Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50816","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10911"},{"reference_url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081"},{"reference_url":"https://www.synology.com/security/advisory/Synology_SA_19_19","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/security/advisory/Synology_SA_19_19"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10911"},{"reference_url":"https://symfony.com/cve-2019-10911","reference_id":"CVE-2019-10911","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10911"},{"reference_url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash","reference_id":"CVE-2019-10911-ADD-A-SEPARATOR-IN-THE-REMEMBER-ME-COOKIE-HASH","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml","reference_id":"CVE-2019-10911.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml"},{"reference_url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr","reference_id":"GHSA-cchx-mfrc-fwqr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cchx-mfrc-fwqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"aliases":["CVE-2019-10911","GHSA-cchx-mfrc-fwqr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmrn-3fbj-gqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10945?format=json","vulnerability_id":"VCID-zqk8-27jq-j7dx","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81005","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51672?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqk8-27jq-j7dx"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.0"}