{"url":"http://public2.vulnerablecode.io/api/packages/57133?format=json","purl":"pkg:composer/symfony/symfony@4.2.0","type":"composer","namespace":"symfony","name":"symfony","version":"4.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.2.1","latest_non_vulnerable_version":"8.0.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40525?format=json","vulnerability_id":"VCID-frbz-vpfe-vbh9","summary":"Unrestricted Upload of File with Dangerous Type\nWhen using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution.","references":[{"reference_url":"https://symfony.com/cve-2018-19789","reference_id":"CVE-2018-19789","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-19789"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57139?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19789"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frbz-vpfe-vbh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40526?format=json","vulnerability_id":"VCID-mew1-9shg-mugs","summary":"URL Redirection to Untrusted Site (Open Redirect)\nBy using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.","references":[{"reference_url":"https://symfony.com/cve-2018-19790","reference_id":"CVE-2018-19790","reference_type":"","scores":[],"url":"https://symfony.com/cve-2018-19790"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57139?format=json","purl":"pkg:composer/symfony/symfony@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.1"}],"aliases":["CVE-2018-19790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.0"}