Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/symfony@5.2.0
Typecomposer
Namespacesymfony
Namesymfony
Version5.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.51
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-15tu-dfam-yqgh
vulnerability_id VCID-15tu-dfam-yqgh
summary 
Cross-Site Request Forgery (CSRF)
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23601
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38482
published_at 2026-06-04T12:55:00Z
1
value 0.00173
scoring_system epss
scoring_elements 0.38573
published_at 2026-06-06T12:55:00Z
2
value 0.00173
scoring_system epss
scoring_elements 0.38571
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23601
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
5
reference_url https://symfony.com/cve-2022-23601
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-23601
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23601
reference_id CVE-2022-23601
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23601
7
reference_url https://github.com/advisories/GHSA-vvmr-8829-6whx
reference_id GHSA-vvmr-8829-6whx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vvmr-8829-6whx
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx
reference_id GHSA-vvmr-8829-6whx
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx
fixed_packages
0
url pkg:composer/symfony/symfony@5.3.15
purl pkg:composer/symfony/symfony@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-pj86-ync3-gyan
8
vulnerability VCID-yetr-unnz-gbhn
9
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15
1
url pkg:composer/symfony/symfony@5.4.4
purl pkg:composer/symfony/symfony@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-pj86-ync3-gyan
8
vulnerability VCID-yetr-unnz-gbhn
9
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4
2
url pkg:composer/symfony/symfony@6.0.4
purl pkg:composer/symfony/symfony@6.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-pj86-ync3-gyan
7
vulnerability VCID-yetr-unnz-gbhn
8
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4
aliases CVE-2022-23601, GHSA-vvmr-8829-6whx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15tu-dfam-yqgh
1
url VCID-4f9e-eg67-cqbr
vulnerability_id VCID-4f9e-eg67-cqbr
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02588
scoring_system epss
scoring_elements 0.85888
published_at 2026-06-06T12:55:00Z
1
value 0.02588
scoring_system epss
scoring_elements 0.85886
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.31
purl pkg:composer/symfony/symfony@5.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-f2w1-nvm5-rub3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.3.8
purl pkg:composer/symfony/symfony@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-pj86-ync3-gyan
4
vulnerability VCID-s3tv-69ye-13bf
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8
3
url pkg:composer/symfony/symfony@6.4.0-BETA1
purl pkg:composer/symfony/symfony@6.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-pj86-ync3-gyan
4
vulnerability VCID-s3tv-69ye-13bf
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr
2
url VCID-4nx8-hnsf-mych
vulnerability_id VCID-4nx8-hnsf-mych
summary 
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50342
reference_id
reference_type
scores
0
value 0.00502
scoring_system epss
scoring_elements 0.66433
published_at 2026-06-05T12:55:00Z
1
value 0.00502
scoring_system epss
scoring_elements 0.66441
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50342
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/
url https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50342
reference_id CVE-2024-50342
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50342
4
reference_url https://symfony.com/cve-2024-50342
reference_id CVE-2024-50342
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50342
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml
reference_id CVE-2024-50342.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml
reference_id CVE-2024-50342.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml
7
reference_url https://github.com/advisories/GHSA-9c3x-r3wp-mgxm
reference_id GHSA-9c3x-r3wp-mgxm
reference_type
scores
url https://github.com/advisories/GHSA-9c3x-r3wp-mgxm
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
reference_id GHSA-9c3x-r3wp-mgxm
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.47
purl pkg:composer/symfony/symfony@5.4.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.47
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.4.15
purl pkg:composer/symfony/symfony@6.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.15
3
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
4
url pkg:composer/symfony/symfony@7.1.8
purl pkg:composer/symfony/symfony@7.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.8
5
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
aliases CVE-2024-50342, GHSA-9c3x-r3wp-mgxm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4nx8-hnsf-mych
3
url VCID-91hk-tdtv-x7fp
vulnerability_id VCID-91hk-tdtv-x7fp
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39597
published_at 2026-06-04T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39687
published_at 2026-06-06T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39683
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24894
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24894
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
4
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24894
6
reference_url https://symfony.com/cve-2022-24894
reference_id CVE-2022-24894
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-24894
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
reference_id CVE-2022-24894.YAML
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
9
reference_url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
url https://github.com/advisories/GHSA-h7vf-5wrv-9fhv
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
reference_id GHSA-h7vf-5wrv-9fhv
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.20
purl pkg:composer/symfony/symfony@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-f2w1-nvm5-rub3
5
vulnerability VCID-pj86-ync3-gyan
6
vulnerability VCID-yetr-unnz-gbhn
7
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.0.20
purl pkg:composer/symfony/symfony@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20
3
url pkg:composer/symfony/symfony@6.1.0-BETA1
purl pkg:composer/symfony/symfony@6.1.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1
4
url pkg:composer/symfony/symfony@6.1.12
purl pkg:composer/symfony/symfony@6.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12
5
url pkg:composer/symfony/symfony@6.2.0-BETA1
purl pkg:composer/symfony/symfony@6.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1
6
url pkg:composer/symfony/symfony@6.2.6
purl pkg:composer/symfony/symfony@6.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-s3tv-69ye-13bf
6
vulnerability VCID-yetr-unnz-gbhn
7
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6
aliases CVE-2022-24894, GHSA-h7vf-5wrv-9fhv, GMS-2023-209, GMS-2023-212
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91hk-tdtv-x7fp
4
url VCID-b5f3-54zt-qffk
vulnerability_id VCID-b5f3-54zt-qffk
summary 
User enumeration in authentication mechanisms
Description
-----------

The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.

Resolution
----------

We now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.

The patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.

Credits
-------

I would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.
references
0
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
1
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
2
reference_url https://github.com/advisories/GHSA-g2qj-pmxm-9f8f
reference_id GHSA-g2qj-pmxm-9f8f
reference_type
scores
url https://github.com/advisories/GHSA-g2qj-pmxm-9f8f
3
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-g2qj-pmxm-9f8f
reference_id GHSA-g2qj-pmxm-9f8f
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-g2qj-pmxm-9f8f
fixed_packages
0
url pkg:composer/symfony/symfony@5.2.8
purl pkg:composer/symfony/symfony@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-4nx8-hnsf-mych
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-gjcx-wmhp-fqef
8
vulnerability VCID-m9e2-rg83-d7eb
9
vulnerability VCID-pj86-ync3-gyan
10
vulnerability VCID-yetr-unnz-gbhn
11
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8
aliases GHSA-g2qj-pmxm-9f8f, GMS-2021-130, GMS-2021-131
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5f3-54zt-qffk
5
url VCID-bhnt-pgq7-yya3
vulnerability_id VCID-bhnt-pgq7-yya3
summary 
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
reference_id
reference_type
scores
0
value 0.06307
scoring_system epss
scoring_elements 0.91125
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64500
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64500
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
5
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
8
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T16:50:43Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.50
purl pkg:composer/symfony/symfony@5.4.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.4.29
purl pkg:composer/symfony/symfony@6.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29
3
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
4
url pkg:composer/symfony/symfony@7.3.7
purl pkg:composer/symfony/symfony@7.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7
5
url pkg:composer/symfony/symfony@7.4.0-BETA1
purl pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3
6
url VCID-c3qr-9rv2-yqh9
vulnerability_id VCID-c3qr-9rv2-yqh9
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24895
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06125
published_at 2026-06-05T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.06099
published_at 2026-06-04T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07304
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24895
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24895
2
reference_url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
5
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
reference_id CVE-2022-24895
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
7
reference_url https://symfony.com/cve-2022-24895
reference_id CVE-2022-24895
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2022-24895
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
10
reference_url https://github.com/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
url https://github.com/advisories/GHSA-3gv2-29qc-v67m
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.20
purl pkg:composer/symfony/symfony@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-f2w1-nvm5-rub3
5
vulnerability VCID-pj86-ync3-gyan
6
vulnerability VCID-yetr-unnz-gbhn
7
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.0.20
purl pkg:composer/symfony/symfony@6.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20
3
url pkg:composer/symfony/symfony@6.1.0-BETA1
purl pkg:composer/symfony/symfony@6.1.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1
4
url pkg:composer/symfony/symfony@6.1.12
purl pkg:composer/symfony/symfony@6.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12
5
url pkg:composer/symfony/symfony@6.2.0-BETA1
purl pkg:composer/symfony/symfony@6.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-yetr-unnz-gbhn
6
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1
6
url pkg:composer/symfony/symfony@6.2.6
purl pkg:composer/symfony/symfony@6.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-bhnt-pgq7-yya3
4
vulnerability VCID-pj86-ync3-gyan
5
vulnerability VCID-s3tv-69ye-13bf
6
vulnerability VCID-yetr-unnz-gbhn
7
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6
aliases CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9
7
url VCID-f2w1-nvm5-rub3
vulnerability_id VCID-f2w1-nvm5-rub3
summary 
Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows
The Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.

This can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24739
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01643
published_at 2026-06-06T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01637
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24739
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3
3
reference_url https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b
4
reference_url https://github.com/symfony/symfony/issues/62921
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/issues/62921
5
reference_url https://github.com/symfony/symfony/pull/63164
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/pull/63164
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24739
reference_id CVE-2026-24739
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24739
7
reference_url https://github.com/advisories/GHSA-r39x-jcww-82v6
reference_id GHSA-r39x-jcww-82v6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r39x-jcww-82v6
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6
reference_id GHSA-r39x-jcww-82v6
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.51
purl pkg:composer/symfony/symfony@5.4.51
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.51
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.4.33
purl pkg:composer/symfony/symfony@6.4.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.33
3
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
4
url pkg:composer/symfony/symfony@7.3.11
purl pkg:composer/symfony/symfony@7.3.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.11
5
url pkg:composer/symfony/symfony@7.4.0-BETA1
purl pkg:composer/symfony/symfony@7.4.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.0-BETA1
6
url pkg:composer/symfony/symfony@7.4.5
purl pkg:composer/symfony/symfony@7.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.4.5
7
url pkg:composer/symfony/symfony@8.0.0-BETA1
purl pkg:composer/symfony/symfony@8.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.0-BETA1
8
url pkg:composer/symfony/symfony@8.0.5
purl pkg:composer/symfony/symfony@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@8.0.5
aliases CVE-2026-24739, GHSA-r39x-jcww-82v6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2w1-nvm5-rub3
8
url VCID-gjcx-wmhp-fqef
vulnerability_id VCID-gjcx-wmhp-fqef
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
reference_id
reference_type
scores
0
value 0.00462
scoring_system epss
scoring_elements 0.64557
published_at 2026-06-06T12:55:00Z
1
value 0.00462
scoring_system epss
scoring_elements 0.64548
published_at 2026-06-05T12:55:00Z
2
value 0.00462
scoring_system epss
scoring_elements 0.64506
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
3
reference_url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
4
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
5
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
6
reference_url https://symfony.com/cve-2021-41267
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41267
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
reference_id CVE-2021-41267
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
8
reference_url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
fixed_packages
0
url pkg:composer/symfony/symfony@5.3.12
purl pkg:composer/symfony/symfony@5.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-4nx8-hnsf-mych
3
vulnerability VCID-88mw-6zg1-gke1
4
vulnerability VCID-91hk-tdtv-x7fp
5
vulnerability VCID-bhnt-pgq7-yya3
6
vulnerability VCID-c3qr-9rv2-yqh9
7
vulnerability VCID-f2w1-nvm5-rub3
8
vulnerability VCID-pj86-ync3-gyan
9
vulnerability VCID-yetr-unnz-gbhn
10
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12
1
url pkg:composer/symfony/symfony@5.4.0-BETA1
purl pkg:composer/symfony/symfony@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-pj86-ync3-gyan
8
vulnerability VCID-yetr-unnz-gbhn
9
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1
aliases CVE-2021-41267, GHSA-q3j3-w37x-hq2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjcx-wmhp-fqef
9
url VCID-m9e2-rg83-d7eb
vulnerability_id VCID-m9e2-rg83-d7eb
summary 
Improper Neutralization of Formula Elements in a CSV File
`Symfony/Serializer` handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony is vulnerable to CSV injection, also known as formula injection. In Symfony, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list, Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41270
reference_id
reference_type
scores
0
value 0.00871
scoring_system epss
scoring_elements 0.75566
published_at 2026-06-04T12:55:00Z
1
value 0.00871
scoring_system epss
scoring_elements 0.75597
published_at 2026-06-06T12:55:00Z
2
value 0.00871
scoring_system epss
scoring_elements 0.75594
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41270
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41270
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/serializer/CVE-2021-41270.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41270.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8
6
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
7
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BPT4SF6SIXFMZARDWED5T32J7JEH3EP/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QSREFD2TJT5LWKM6S4MD3W26NQQ5WJUP/
16
reference_url https://symfony.com/cve-2021-41270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41270
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41270
reference_id CVE-2021-41270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41270
18
reference_url https://github.com/advisories/GHSA-2xhg-w2g5-w95x
reference_id GHSA-2xhg-w2g5-w95x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xhg-w2g5-w95x
19
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
reference_id GHSA-2xhg-w2g5-w95x
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
20
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.3.12
purl pkg:composer/symfony/symfony@5.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-4nx8-hnsf-mych
3
vulnerability VCID-88mw-6zg1-gke1
4
vulnerability VCID-91hk-tdtv-x7fp
5
vulnerability VCID-bhnt-pgq7-yya3
6
vulnerability VCID-c3qr-9rv2-yqh9
7
vulnerability VCID-f2w1-nvm5-rub3
8
vulnerability VCID-pj86-ync3-gyan
9
vulnerability VCID-yetr-unnz-gbhn
10
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.12
1
url pkg:composer/symfony/symfony@5.4.0-BETA1
purl pkg:composer/symfony/symfony@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-4nx8-hnsf-mych
2
vulnerability VCID-88mw-6zg1-gke1
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-pj86-ync3-gyan
8
vulnerability VCID-yetr-unnz-gbhn
9
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.0-BETA1
aliases CVE-2021-41270, GHSA-2xhg-w2g5-w95x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9e2-rg83-d7eb
10
url VCID-p6f7-utd6-eqej
vulnerability_id VCID-p6f7-utd6-eqej
summary 
Information Exposure
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.5686
published_at 2026-06-06T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56801
published_at 2026-06-04T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.56852
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
8
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
9
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
10
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
19
reference_url https://symfony.com/cve-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-21424
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
reference_id CVE-2021-21424
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
21
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
reference_id GHSA-5pv8-ppvj-4h68
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
22
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.2.8
purl pkg:composer/symfony/symfony@5.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-4nx8-hnsf-mych
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-gjcx-wmhp-fqef
8
vulnerability VCID-m9e2-rg83-d7eb
9
vulnerability VCID-pj86-ync3-gyan
10
vulnerability VCID-yetr-unnz-gbhn
11
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.8
1
url pkg:composer/symfony/symfony@5.2.9
purl pkg:composer/symfony/symfony@5.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15tu-dfam-yqgh
1
vulnerability VCID-4f9e-eg67-cqbr
2
vulnerability VCID-4nx8-hnsf-mych
3
vulnerability VCID-91hk-tdtv-x7fp
4
vulnerability VCID-bhnt-pgq7-yya3
5
vulnerability VCID-c3qr-9rv2-yqh9
6
vulnerability VCID-f2w1-nvm5-rub3
7
vulnerability VCID-gjcx-wmhp-fqef
8
vulnerability VCID-m9e2-rg83-d7eb
9
vulnerability VCID-pj86-ync3-gyan
10
vulnerability VCID-yetr-unnz-gbhn
11
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.9
aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej
11
url VCID-pj86-ync3-gyan
vulnerability_id VCID-pj86-ync3-gyan
summary 
Symfony has an incorrect response from Validator when input ends with `\n`
It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.48112
published_at 2026-06-06T12:55:00Z
1
value 0.00246
scoring_system epss
scoring_elements 0.48109
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50343
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50343
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
4
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
reference_id CVE-2024-50343
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50343
6
reference_url https://symfony.com/cve-2024-50343
reference_id CVE-2024-50343
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50343
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
reference_id CVE-2024-50343.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
reference_id CVE-2024-50343.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
9
reference_url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
reference_id GHSA-g3rh-rrhp-jhh9
reference_type
scores
url https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
reference_id GHSA-g3rh-rrhp-jhh9
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
11
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.43
purl pkg:composer/symfony/symfony@5.4.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-f2w1-nvm5-rub3
4
vulnerability VCID-yetr-unnz-gbhn
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43
1
url pkg:composer/symfony/symfony@6.4.11
purl pkg:composer/symfony/symfony@6.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-f2w1-nvm5-rub3
4
vulnerability VCID-yetr-unnz-gbhn
5
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11
2
url pkg:composer/symfony/symfony@7.1.4
purl pkg:composer/symfony/symfony@7.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4nx8-hnsf-mych
1
vulnerability VCID-88mw-6zg1-gke1
2
vulnerability VCID-bhnt-pgq7-yya3
3
vulnerability VCID-yetr-unnz-gbhn
4
vulnerability VCID-zgxf-qxwu-pqf9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4
aliases CVE-2024-50343, GHSA-g3rh-rrhp-jhh9
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pj86-ync3-gyan
12
url VCID-yetr-unnz-gbhn
vulnerability_id VCID-yetr-unnz-gbhn
summary 
Symfony vulnerable to command execution hijack on Windows with Process class
On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51736
reference_id
reference_type
scores
0
value 0.00783
scoring_system epss
scoring_elements 0.74138
published_at 2026-06-06T12:55:00Z
1
value 0.00783
scoring_system epss
scoring_elements 0.74134
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51736
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51736
reference_id CVE-2024-51736
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51736
4
reference_url https://symfony.com/cve-2024-51736
reference_id CVE-2024-51736
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-51736
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
reference_id CVE-2024-51736.YAML
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
reference_id CVE-2024-51736.YAML
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml
7
reference_url https://github.com/advisories/GHSA-qq5c-677p-737q
reference_id GHSA-qq5c-677p-737q
reference_type
scores
url https://github.com/advisories/GHSA-qq5c-677p-737q
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
reference_id GHSA-qq5c-677p-737q
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.46
purl pkg:composer/symfony/symfony@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.4.14
purl pkg:composer/symfony/symfony@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14
3
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
4
url pkg:composer/symfony/symfony@7.1.7
purl pkg:composer/symfony/symfony@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7
5
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
aliases CVE-2024-51736, GHSA-qq5c-677p-737q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yetr-unnz-gbhn
13
url VCID-zgxf-qxwu-pqf9
vulnerability_id VCID-zgxf-qxwu-pqf9
summary 
Symfony vulnerable to open redirect via browser-sanitized URLs
The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
reference_id
reference_type
scores
0
value 0.00394
scoring_system epss
scoring_elements 0.6068
published_at 2026-06-06T12:55:00Z
1
value 0.00394
scoring_system epss
scoring_elements 0.60672
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-50345
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50345
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
4
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html
5
reference_url https://url.spec.whatwg.org
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://url.spec.whatwg.org
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
reference_id CVE-2024-50345
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-50345
7
reference_url https://symfony.com/cve-2024-50345
reference_id CVE-2024-50345
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-50345
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
reference_id CVE-2024-50345.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
reference_id CVE-2024-50345.YAML
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml
10
reference_url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
url https://github.com/advisories/GHSA-mrqx-rp3w-jpjp
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
reference_id GHSA-mrqx-rp3w-jpjp
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.46
purl pkg:composer/symfony/symfony@5.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46
1
url pkg:composer/symfony/symfony@6.0.0-BETA1
purl pkg:composer/symfony/symfony@6.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1
2
url pkg:composer/symfony/symfony@6.4.14
purl pkg:composer/symfony/symfony@6.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
1
vulnerability VCID-f2w1-nvm5-rub3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14
3
url pkg:composer/symfony/symfony@7.0.0-BETA1
purl pkg:composer/symfony/symfony@7.0.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p6dz-c7ee-1fg9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1
4
url pkg:composer/symfony/symfony@7.1.7
purl pkg:composer/symfony/symfony@7.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7
5
url pkg:composer/symfony/symfony@7.2.0-BETA1
purl pkg:composer/symfony/symfony@7.2.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bhnt-pgq7-yya3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1
aliases CVE-2024-50345, GHSA-mrqx-rp3w-jpjp
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxf-qxwu-pqf9
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.2.0