Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/symfony@5.4.50
Type composer
Namespace symfony
Name symfony
Version 5.4.50
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 5.4.51
Latest_non_vulnerable_version 8.0.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bhnt-pgq7-yya3
vulnerability_id VCID-bhnt-pgq7-yya3
summary
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't start with a `/`. This can allow bypassing some access control rules that are built with this `/`-prefix assumption.
references
0
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
url https://github.com/symfony/symfony
1
reference_url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
reference_id
reference_type
scores
url https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
reference_id CVE-2025-64500
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-64500
3
reference_url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
reference_id CVE-2025-64500-INCORRECT-PARSING-OF-PATH-INFO-CAN-LEAD-TO-LIMITED-AUTHORIZATION-BYPASS
reference_type
scores
url https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2025-64500.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
reference_id CVE-2025-64500.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2025-64500.yaml
6
reference_url https://github.com/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
url https://github.com/advisories/GHSA-3rg7-wf37-54rm
7
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
reference_id GHSA-3rg7-wf37-54rm
reference_type
scores
url https://github.com/symfony/symfony/security/advisories/GHSA-3rg7-wf37-54rm
fixed_packages
0
url pkg:composer/symfony/symfony@5.4.50
purl pkg:composer/symfony/symfony@5.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50
1
url pkg:composer/symfony/symfony@6.4.29
purl pkg:composer/symfony/symfony@6.4.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.29
2
url pkg:composer/symfony/symfony@7.3.7
purl pkg:composer/symfony/symfony@7.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.3.7
aliases CVE-2025-64500, GHSA-3rg7-wf37-54rm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhnt-pgq7-yya3
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.50