{"url":"http://public2.vulnerablecode.io/api/packages/92032?format=json","purl":"pkg:composer/symfony/symfony@2.5.6","type":"composer","namespace":"symfony","name":"symfony","version":"2.5.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.46","latest_non_vulnerable_version":"8.0.12","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10776?format=json","vulnerability_id":"VCID-1s54-qwaj-dbg5","summary":"Information Exposure Through Timing Discrepancy\nSymfony allows remote attackers to have unspecified impact via a timing attack.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7737","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8125"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/form/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8125.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16630","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16630"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8125"},{"reference_url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service"},{"reference_url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228050051/http://www.securityfocus.com/bid/77692"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"http://www.securityfocus.com/bid/77692","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/77692"},{"reference_url":"https://symfony.com/cve-2015-8125","reference_id":"CVE-2015-8125","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8125"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51366?format=json","purl":"pkg:composer/symfony/symfony@2.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51367?format=json","purl":"pkg:composer/symfony/symfony@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7"}],"aliases":["CVE-2015-8125","GHSA-g97c-jfx6-xvxh"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1s54-qwaj-dbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14844?format=json","vulnerability_id":"VCID-2fjn-22pk-p7fx","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38505","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"CVE-2022-23601.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59309?format=json","purl":"pkg:composer/symfony/symfony@5.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/59310?format=json","purl":"pkg:composer/symfony/symfony@5.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/59311?format=json","purl":"pkg:composer/symfony/symfony@6.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.4"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fjn-22pk-p7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12814?format=json","vulnerability_id":"VCID-6bdp-9ng3-uyb1","summary":"Cross-site Scripting\nThe debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op`=get` URI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66483","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18343"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343","reference_id":"CVE-2017-18343","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18343"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55115?format=json","purl":"pkg:composer/symfony/symfony@2.7.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.33"},{"url":"http://public2.vulnerablecode.io/api/packages/55116?format=json","purl":"pkg:composer/symfony/symfony@2.8.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.26"},{"url":"http://public2.vulnerablecode.io/api/packages/54825?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/55117?format=json","purl":"pkg:composer/symfony/symfony@3.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.6"}],"aliases":["CVE-2017-18343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bdp-9ng3-uyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268522?format=json","vulnerability_id":"VCID-6kq8-5k4z-27f2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"0.00394","scoring_system":"epss","scoring_elements":"0.60588","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50345"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50345.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50345"},{"reference_url":"https://symfony.com/cve-2024-50345","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50345"},{"reference_url":"https://url.spec.whatwg.org","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:21:57Z/"}],"url":"https://url.spec.whatwg.org"},{"reference_url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp","reference_id":"GHSA-mrqx-rp3w-jpjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrqx-rp3w-jpjp"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/728152?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187793?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/85031?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187794?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/85037?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187795?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"}],"aliases":["CVE-2024-50345","GHSA-mrqx-rp3w-jpjp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kq8-5k4z-27f2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12688?format=json","vulnerability_id":"VCID-7cdk-bmdh-2fde","summary":"Cross-Site Request Forgery (CSRF)\nBy default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3992","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11406"},{"reference_url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11406","reference_id":"CVE-2018-11406","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54878?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/54810?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/55262?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11406","GHSA-g4g7-q726-v5hg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7cdk-bmdh-2fde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16774?format=json","vulnerability_id":"VCID-7pwc-t6vf-eyax","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39605","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24894"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24894"},{"reference_url":"https://symfony.com/cve-2022-24894","reference_id":"CVE-2022-24894","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24894"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml","reference_id":"CVE-2022-24894.YAML","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv","reference_id":"GHSA-h7vf-5wrv-9fhv","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:29Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585196?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/585208?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62600?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/440977?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62601?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/85031?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62602?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/62603?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/62604?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-dw66-36y1-g7hz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24894","GHSA-h7vf-5wrv-9fhv","GMS-2023-209","GMS-2023-212"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pwc-t6vf-eyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/269375?format=json","vulnerability_id":"VCID-9mbr-qumx-8yhz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.74047","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/728152?format=json","purl":"pkg:composer/symfony/symfony@7.2.0-BETA1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187793?format=json","purl":"pkg:composer/symfony/symfony@5.4.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.46"},{"url":"http://public2.vulnerablecode.io/api/packages/85031?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187794?format=json","purl":"pkg:composer/symfony/symfony@6.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/85037?format=json","purl":"pkg:composer/symfony/symfony@7.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/187795?format=json","purl":"pkg:composer/symfony/symfony@7.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.7"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mbr-qumx-8yhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10944?format=json","vulnerability_id":"VCID-d4ry-msw9-17gu","summary":"Cryptographic Issues\nThe `nextBytes` function in the `SecureRandom` class in Symfony does not properly generate random numbers when used with PHP without the `paragonie/random_compat` library and the `openssl_random_pseudo_bytes` function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60758","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1902"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/17359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/17359"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1902"},{"reference_url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom"},{"reference_url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-1902","reference_id":"CVE-2016-1902","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-1902"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51679?format=json","purl":"pkg:composer/symfony/symfony@2.6.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51680?format=json","purl":"pkg:composer/symfony/symfony@2.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.9"}],"aliases":["CVE-2016-1902","GHSA-jjx5-fq5g-8xpc"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4ry-msw9-17gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10679?format=json","vulnerability_id":"VCID-epe4-cnhd-zyef","summary":"Esi Code Injection\nApplications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the `Symfony\\Component\\HttpKernel\\HttpCache` class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089"},{"reference_url":"http://jvn.jp/en/jp/JVN19578958/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19578958/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.68022","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2308"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2308.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14167/commits/195c57e1f50765aff33137689b16e126a689056a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2308"},{"reference_url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-2308-esi-code-injection"},{"reference_url":"https://symfony.com/cve-2015-2308","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2308"},{"reference_url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228084751/http://www.securityfocus.com/bid/75357"},{"reference_url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection","reference_id":"CVE-2015-2308-ESI-CODE-INJECTION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2308-esi-code-injection"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51168?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-s3xz-n4w1-ekd2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zhq5-ppcx-yubu"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/51169?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-s3xz-n4w1-ekd2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2308","GHSA-5c58-w9xc-qcj9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epe4-cnhd-zyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12690?format=json","vulnerability_id":"VCID-kx25-m1mp-zfay","summary":"Insufficient Session Expiration\nThe `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"0.01086","scoring_system":"epss","scoring_elements":"0.78204","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11386"},{"reference_url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11386","reference_id":"CVE-2018-11386","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11386"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54878?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/54810?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/55262?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11386","GHSA-r2rq-3h56-fqm4"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kx25-m1mp-zfay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142076?format=json","vulnerability_id":"VCID-mbd5-rsax-jya9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888","reference_id":"","reference_type":"","scores":[{"value":"0.0231","scoring_system":"epss","scoring_elements":"0.85034","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18888"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18888"},{"reference_url":"https://symfony.com/cve-2019-18888","reference_id":"CVE-2019-18888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18888"},{"reference_url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser","reference_id":"CVE-2019-18888-PREVENT-ARGUMENT-INJECTION-IN-A-MIMETYPEGUESSER","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/mime/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml","reference_id":"CVE-2019-18888.YAML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18888.yaml"},{"reference_url":"https://github.com/advisories/GHSA-xhh6-956q-4q69","reference_id":"GHSA-xhh6-956q-4q69","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhh6-956q-4q69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74427?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/74426?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74424?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-2m2u-gjzs-cbbk"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74421?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-2m2u-gjzs-cbbk"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18888","GHSA-xhh6-956q-4q69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbd5-rsax-jya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18796?format=json","vulnerability_id":"VCID-mxta-zqzb-nfbv","summary":"Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734","reference_id":"","reference_type":"","scores":[{"value":"0.02419","scoring_system":"epss","scoring_elements":"0.85376","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46734"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54"},{"reference_url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774","reference_id":"1055774","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46734"},{"reference_url":"https://symfony.com/cve-2023-46734","reference_id":"CVE-2023-46734","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46734"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml","reference_id":"CVE-2023-46734.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3","reference_id":"GHSA-q847-2q57-wmr3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/638026?format=json","purl":"pkg:composer/symfony/symfony@6.4.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-dw66-36y1-g7hz"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/66493?format=json","purl":"pkg:composer/symfony/symfony@4.4.51","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.51"},{"url":"http://public2.vulnerablecode.io/api/packages/440977?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/66487?format=json","purl":"pkg:composer/symfony/symfony@5.4.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.31"},{"url":"http://public2.vulnerablecode.io/api/packages/85031?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/66488?format=json","purl":"pkg:composer/symfony/symfony@6.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-dw66-36y1-g7hz"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.3.8"}],"aliases":["CVE-2023-46734","GHSA-q847-2q57-wmr3"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxta-zqzb-nfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12686?format=json","vulnerability_id":"VCID-n4kq-nskp-1qar","summary":"Session Fixation\nA session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"0.00904","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f"},{"reference_url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b"},{"reference_url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11385"},{"reference_url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication"},{"reference_url":"https://www.debian.org/security/2018/dsa-4262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4262"},{"reference_url":"https://symfony.com/cve-2018-11385","reference_id":"CVE-2018-11385","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2018-11385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54878?format=json","purl":"pkg:composer/symfony/symfony@2.7.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.48"},{"url":"http://public2.vulnerablecode.io/api/packages/54810?format=json","purl":"pkg:composer/symfony/symfony@2.8.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.41"},{"url":"http://public2.vulnerablecode.io/api/packages/55262?format=json","purl":"pkg:composer/symfony/symfony@3.3.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54811?format=json","purl":"pkg:composer/symfony/symfony@3.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54812?format=json","purl":"pkg:composer/symfony/symfony@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.11"}],"aliases":["CVE-2018-11385","GHSA-g4rg-rw65-8hfg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kq-nskp-1qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10675?format=json","vulnerability_id":"VCID-s3xz-n4w1-ekd2","summary":"Improper Access Control\nFragmentListener in the HttpKernel component in Symfony, when ESI or SSI support enabled, does not check if the `_controller` attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to `/_fragment`.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159603.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159610.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050","reference_id":"","reference_type":"","scores":[{"value":"0.76192","scoring_system":"epss","scoring_elements":"0.98948","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4050"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-4050.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2015-4050.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-4050.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-4050.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4050","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4050"},{"reference_url":"https://web.archive.org/web/20200228090443/http://www.securityfocus.com/bid/74928","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228090443/http://www.securityfocus.com/bid/74928"},{"reference_url":"http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access"},{"reference_url":"http://www.debian.org/security/2015/dsa-3276","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3276"},{"reference_url":"https://symfony.com/cve-2015-4050","reference_id":"CVE-2015-4050","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-4050"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51226?format=json","purl":"pkg:composer/symfony/symfony@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zhq5-ppcx-yubu"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51227?format=json","purl":"pkg:composer/symfony/symfony@2.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.8"}],"aliases":["CVE-2015-4050","GHSA-qmqw-mpqp-mr54"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3xz-n4w1-ekd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16776?format=json","vulnerability_id":"VCID-uvpz-6mss-9bgn","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06271","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24895"},{"reference_url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24895"},{"reference_url":"https://symfony.com/cve-2022-24895","reference_id":"CVE-2022-24895","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-24895"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml","reference_id":"CVE-2022-24895.YAML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m","reference_id":"GHSA-3gv2-29qc-v67m","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:32Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585196?format=json","purl":"pkg:composer/symfony/symfony@6.1.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/585208?format=json","purl":"pkg:composer/symfony/symfony@6.2.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62600?format=json","purl":"pkg:composer/symfony/symfony@4.4.50","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.4.50"},{"url":"http://public2.vulnerablecode.io/api/packages/440977?format=json","purl":"pkg:composer/symfony/symfony@5.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62601?format=json","purl":"pkg:composer/symfony/symfony@5.4.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.20"},{"url":"http://public2.vulnerablecode.io/api/packages/85031?format=json","purl":"pkg:composer/symfony/symfony@6.0.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31pu-2pt7-2fh2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/62602?format=json","purl":"pkg:composer/symfony/symfony@6.0.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.0.20"},{"url":"http://public2.vulnerablecode.io/api/packages/62603?format=json","purl":"pkg:composer/symfony/symfony@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/62604?format=json","purl":"pkg:composer/symfony/symfony@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-dw66-36y1-g7hz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.2.6"}],"aliases":["CVE-2022-24895","GHSA-3gv2-29qc-v67m","GMS-2023-210","GMS-2023-211"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvpz-6mss-9bgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10778?format=json","vulnerability_id":"VCID-vmr4-cut4-2fe6","summary":"Session Fixation\nSession fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173271.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173300.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53911","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8124"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/89","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/89"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-8124.yaml"},{"reference_url":"https://github.com/symfony/symfony/pull/16631","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/16631"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8124"},{"reference_url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature"},{"reference_url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201209020014/http://www.securityfocus.com/archive/1/537183/100/0/threaded"},{"reference_url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210125123853/http://www.securityfocus.com/bid/77694"},{"reference_url":"http://www.debian.org/security/2015/dsa-3402","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3402"},{"reference_url":"https://symfony.com/cve-2015-8124","reference_id":"CVE-2015-8124","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-8124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51366?format=json","purl":"pkg:composer/symfony/symfony@2.6.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51367?format=json","purl":"pkg:composer/symfony/symfony@2.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.7"}],"aliases":["CVE-2015-8124","GHSA-j5jh-hpr4-h332"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmr4-cut4-2fe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10653?format=json","vulnerability_id":"VCID-vnku-f414-dyh9","summary":"Unsafe methods in the Request class\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server. The following methods are impacted: `getPort()`, `isSecure()`, `getHost()` and `getClientIps()`.","references":[{"reference_url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/6c73f0ce9302a0091bbfbb96f317e400ce16ef84"},{"reference_url":"https://github.com/symfony/symfony/pull/14166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/14166"},{"reference_url":"https://symfony.com/cve-2015-2309","reference_id":"CVE-2015-2309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2015-2309"},{"reference_url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class","reference_id":"CVE-2015-2309-UNSAFE-METHODS-IN-THE-REQUEST-CLASS","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml","reference_id":"CVE-2015-2309.YAML","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2015-2309.yaml"},{"reference_url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j","reference_id":"GHSA-p684-f7fh-jv2j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p684-f7fh-jv2j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51168?format=json","purl":"pkg:composer/symfony/symfony@2.5.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-s3xz-n4w1-ekd2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zhq5-ppcx-yubu"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/92037?format=json","purl":"pkg:composer/symfony/symfony@2.6.0-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zhq5-ppcx-yubu"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.0-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/51169?format=json","purl":"pkg:composer/symfony/symfony@2.6.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-s3xz-n4w1-ekd2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.6"}],"aliases":["CVE-2015-2309","GHSA-p684-f7fh-jv2j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnku-f414-dyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142075?format=json","vulnerability_id":"VCID-wnu2-cmrt-bkhr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887","reference_id":"","reference_type":"","scores":[{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74565","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18887"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v4.3.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v4.3.8"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/"},{"reference_url":"https://symfony.com/blog/symfony-4-3-8-released","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/symfony-4-3-8-released"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18887"},{"reference_url":"https://symfony.com/cve-2019-18887","reference_id":"CVE-2019-18887","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2019-18887"},{"reference_url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner","reference_id":"CVE-2019-18887-USE-CONSTANT-TIME-COMPARISON-IN-URISIGNER","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml","reference_id":"CVE-2019-18887.YAML","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18887.yaml"},{"reference_url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv","reference_id":"GHSA-q8hg-pf8v-cxrv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8hg-pf8v-cxrv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74427?format=json","purl":"pkg:composer/symfony/symfony@2.8.52","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.52"},{"url":"http://public2.vulnerablecode.io/api/packages/74426?format=json","purl":"pkg:composer/symfony/symfony@3.4.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.35"},{"url":"http://public2.vulnerablecode.io/api/packages/74424?format=json","purl":"pkg:composer/symfony/symfony@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-2m2u-gjzs-cbbk"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/74421?format=json","purl":"pkg:composer/symfony/symfony@4.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-2m2u-gjzs-cbbk"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-yzth-mby6-fua5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.3.8"}],"aliases":["CVE-2019-18887","GHSA-q8hg-pf8v-cxrv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnu2-cmrt-bkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6143?format=json","vulnerability_id":"VCID-yasp-usps-xkc3","summary":"access restriction bypass","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773","reference_id":"","reference_type":"","scores":[{"value":"0.16652","scoring_system":"epss","scoring_elements":"0.95038","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14773"},{"reference_url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"},{"reference_url":"https://seclists.org/bugtraq/2019/May/21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/21"},{"reference_url":"https://www.debian.org/security/2019/dsa-4441","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4441"},{"reference_url":"https://www.drupal.org/SA-CORE-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.drupal.org/SA-CORE-2018-005"},{"reference_url":"http://www.securityfocus.com/bid/104943","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/104943"},{"reference_url":"http://www.securitytracker.com/id/1041405","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1041405"},{"reference_url":"https://security.archlinux.org/AVG-744","reference_id":"AVG-744","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773","reference_id":"CVE-2018-14773","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14773"},{"reference_url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers","reference_id":"CVE-2018-14773-REMOVE-SUPPORT-FOR-LEGACY-AND-RISKY-HTTP-HEADERS","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml","reference_id":"CVE-2018-14773.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-14773.yaml"},{"reference_url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq","reference_id":"GHSA-8wgj-6wx8-h5hq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wgj-6wx8-h5hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55267?format=json","purl":"pkg:composer/symfony/symfony@2.7.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.49"},{"url":"http://public2.vulnerablecode.io/api/packages/55257?format=json","purl":"pkg:composer/symfony/symfony@2.8.44","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.44"},{"url":"http://public2.vulnerablecode.io/api/packages/55268?format=json","purl":"pkg:composer/symfony/symfony@3.3.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.18"},{"url":"http://public2.vulnerablecode.io/api/packages/55258?format=json","purl":"pkg:composer/symfony/symfony@3.4.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55259?format=json","purl":"pkg:composer/symfony/symfony@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55260?format=json","purl":"pkg:composer/symfony/symfony@4.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-2m2u-gjzs-cbbk"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-k3e5-c9kc-sqg1"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.3"}],"aliases":["CVE-2018-14773","GHSA-8wgj-6wx8-h5hq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yasp-usps-xkc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/268520?format=json","vulnerability_id":"VCID-yzth-mby6-fua5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4803","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50343"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50343"},{"reference_url":"https://symfony.com/cve-2024-50343","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50343"},{"reference_url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9","reference_id":"GHSA-g3rh-rrhp-jhh9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g3rh-rrhp-jhh9"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187879?format=json","purl":"pkg:composer/symfony/symfony@5.4.43","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@5.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/187880?format=json","purl":"pkg:composer/symfony/symfony@6.4.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@6.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/187881?format=json","purl":"pkg:composer/symfony/symfony@7.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-dmsr-jrsf-tqdu"},{"vulnerability":"VCID-wtr6-xz9n-uqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@7.1.4"}],"aliases":["CVE-2024-50343","GHSA-g3rh-rrhp-jhh9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzth-mby6-fua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15942?format=json","vulnerability_id":"VCID-zhq5-ppcx-yubu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[from_name], (4) email_smtp[from_address], (5) email_smtp[host], (6) email_smtp[port], (7) jit_image_manipulation[trusted_external_sites], or (8) maintenance_mode[ip_allow list] parameters to system/preferences.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766","reference_id":"","reference_type":"","scores":[{"value":"0.00273","scoring_system":"epss","scoring_elements":"0.5089","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8766"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/60","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2015/Dec/60"},{"reference_url":"https://github.com/symphonycms/symphony-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2"},{"reference_url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symphonycms/symphony-2/commit/651e150091c61fb60ad1dff2bc2166185a83d9d6"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.getsymphony.com/download/releases/version/2.6.4"},{"reference_url":"http://www.getsymphony.com/download/releases/version/2.6.4/","reference_id":"","reference_type":"","scores":[],"url":"http://www.getsymphony.com/download/releases/version/2.6.4/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766","reference_id":"CVE-2015-8766","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8766"},{"reference_url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html","reference_id":"CVE-2015-8766-GETSYMPHONEY.HTML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210321090853/https://cybersecurityworks.com/zerodays/cve-2015-8766-getsymphoney.html"},{"reference_url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3","reference_id":"GHSA-4c5w-qqfg-grf3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4c5w-qqfg-grf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61123?format=json","purl":"pkg:composer/symfony/symfony@2.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-epe4-cnhd-zyef"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-s3xz-n4w1-ekd2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-vnku-f414-dyh9"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zqk8-27jq-j7dx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.6.4"}],"aliases":["CVE-2015-8766","GHSA-4c5w-qqfg-grf3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhq5-ppcx-yubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10945?format=json","vulnerability_id":"VCID-zqk8-27jq-j7dx","summary":"CVE-2016-4423: Large username storage in session\nThe attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"0.01435","scoring_system":"epss","scoring_elements":"0.81005","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4423"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/pull/18733","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/18733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4423"},{"reference_url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"},{"reference_url":"http://www.debian.org/security/2016/dsa-3588","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2016/dsa-3588"},{"reference_url":"https://symfony.com/cve-2016-4423","reference_id":"CVE-2016-4423","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2016-4423"},{"reference_url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session","reference_id":"CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION","reference_type":"","scores":[],"url":"http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51670?format=json","purl":"pkg:composer/symfony/symfony@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/51671?format=json","purl":"pkg:composer/symfony/symfony@2.8.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-d814-yjkr-p3ga"},{"vulnerability":"VCID-fytq-6ane-hyf7"},{"vulnerability":"VCID-g8cq-v4et-cue4"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.6"},{"url":"http://public2.vulnerablecode.io/api/packages/51672?format=json","purl":"pkg:composer/symfony/symfony@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fjn-22pk-p7fx"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-6kq8-5k4z-27f2"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-7pwc-t6vf-eyax"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-8y4h-6hx7-v3h5"},{"vulnerability":"VCID-9mbr-qumx-8yhz"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-mxta-zqzb-nfbv"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-uvpz-6mss-9bgn"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-yzth-mby6-fua5"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.6"}],"aliases":["CVE-2016-4423","GHSA-whgv-8cg3-7hcm"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqk8-27jq-j7dx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.5.6"}