{"url":"http://public2.vulnerablecode.io/api/packages/56283?format=json","purl":"pkg:composer/symfony/intl@2.7.37","type":"composer","namespace":"symfony","name":"intl","version":"2.7.37","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.38","latest_non_vulnerable_version":"4.0.0-BETA5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40157?format=json","vulnerability_id":"VCID-xj13-fspe-hfgv","summary":"An attacker can navigate to arbitrary directories via the dot-dot-slash attack\nThis package includes various bundle readers that are used to read resource bundles from the local filesystem. The `read()` methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a `URL` parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://github.com/symfony/symfony/pull/24994","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24994"},{"reference_url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths","reference_id":"CVE-2017-16654-INTL-BUNDLE-READERS-BREAKING-OUT-OF-PATHS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56290?format=json","purl":"pkg:composer/symfony/intl@2.7.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/56291?format=json","purl":"pkg:composer/symfony/intl@2.8.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@2.8.31"},{"url":"http://public2.vulnerablecode.io/api/packages/56292?format=json","purl":"pkg:composer/symfony/intl@3.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56293?format=json","purl":"pkg:composer/symfony/intl@3.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56294?format=json","purl":"pkg:composer/symfony/intl@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/56295?format=json","purl":"pkg:composer/symfony/intl@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@4.0.0-BETA5"}],"aliases":["CVE-2017-16654"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xj13-fspe-hfgv"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/intl@2.7.37"}