{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","type":"deb","namespace":"debian","name":"symfony","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.0.21-1.1","latest_non_vulnerable_version":"7.4.10+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46351?format=json","vulnerability_id":"VCID-2ts3-y5j2-vufe","summary":"Authentication granted to all firewalls instead of just one\nDescription\n-----------\n\nWhen an application defines multiple firewalls, the authenticated token delivered by one of the firewalls is available to all other firewalls. This can be abused when the application defines different providers for different parts of an application. In such a situation, a user authenticated on one part of the application is considered authenticated on the whole application.\n\nResolution\n----------\n\nWe now ensure that the authenticated token is only available for the firewall that generates it.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728) for branch 5.3.\n\nCredits\n-------\n\nI would like to thank Bogdan, gndk, Paweł Warchoł, Warxcell, and Adrien Lamotte for reporting the issue and Wouter J for fixing the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67976","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67736","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67802","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67825","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67811","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67777","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67813","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67807","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67827","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67837","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67817","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.6786","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.679","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67963","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00545","scoring_system":"epss","scoring_elements":"0.67703","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32693"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml"},{"reference_url":"https://github.com/symfony/security-http","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/security-http"},{"reference_url":"https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129"},{"reference_url":"https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32693"},{"reference_url":"https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one"},{"reference_url":"https://symfony.com/cve-2021-32693","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-32693"},{"reference_url":"https://github.com/advisories/GHSA-rfcf-m67m-jcrq","reference_id":"GHSA-rfcf-m67m-jcrq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfcf-m67m-jcrq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32693","GHSA-rfcf-m67m-jcrq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ts3-y5j2-vufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17406?format=json","vulnerability_id":"VCID-4num-z8cg-83gt","summary":"Symfony vulnerable to command execution hijack on Windows with Process class\n### Description\n\nOn Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking.\n\n### Resolution\n\nThe `Process` class now uses the absolute path to `cmd.exe`.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9) for branch 5.4.\n\n### Credits\n\nWe would like to thank Jordi Boggiano for reporting the issue and Nicolas Grekas for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73727","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73913","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73906","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73849","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73826","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73863","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73812","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73761","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.7374","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00783","scoring_system":"epss","scoring_elements":"0.73785","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51736"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/process/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51736.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/18ecd03eda3917fdf901a48e72518f911c64a1c9"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q","reference_id":"","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-21T23:20:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51736"},{"reference_url":"https://symfony.com/cve-2024-51736","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51736"},{"reference_url":"https://github.com/advisories/GHSA-qq5c-677p-737q","reference_id":"GHSA-qq5c-677p-737q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qq5c-677p-737q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-51736","GHSA-qq5c-677p-737q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4num-z8cg-83gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10675?format=json","vulnerability_id":"VCID-76y9-1jsf-rfez","summary":"Empty passwords validation issue\nValidating a user password with a `UserPassword` constraint but with no `NotBlank` constraint passes without any error (the empty password would not be compared with the user password). Note that you should always be explicit and add a `NotBlank` constraint, but as it worked before without, it's considered as a backward compatibility break and a security issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57983","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57864","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57914","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57931","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57908","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57917","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57916","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57894","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57854","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57872","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57811","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57893","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57961","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57976","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11365"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f"},{"reference_url":"https://github.com/symfony/symfony/pull/23507","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/23507"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11365"},{"reference_url":"https://symfony.com/cve-2017-11365","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2017-11365"},{"reference_url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue","reference_id":"CVE-2017-11365-EMPTY-PASSWORDS-VALIDATION-ISSUE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue"},{"reference_url":"https://github.com/advisories/GHSA-q87v-q8fw-gmj5","reference_id":"GHSA-q87v-q8fw-gmj5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q87v-q8fw-gmj5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2017-11365","GHSA-q87v-q8fw-gmj5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76y9-1jsf-rfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19765?format=json","vulnerability_id":"VCID-7hh3-16j3-4yaf","summary":"Symfony possible session fixation vulnerability\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier does not change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733","reference_id":"","reference_type":"","scores":[{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77656","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77659","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77621","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77623","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77639","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77605","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77575","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01058","scoring_system":"epss","scoring_elements":"0.77595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.7935","published_at":"2026-05-16T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79169","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79203","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.7921","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79226","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.7924","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79261","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79277","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79295","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79335","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01228","scoring_system":"epss","scoring_elements":"0.79345","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46733"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9"},{"reference_url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775","reference_id":"1055775","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46733","reference_id":"CVE-2023-46733","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46733"},{"reference_url":"https://symfony.com/cve-2023-46733","reference_id":"CVE-2023-46733","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46733"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml","reference_id":"CVE-2023-46733.YAML","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml"},{"reference_url":"https://github.com/advisories/GHSA-m2wj-r6g3-fxfx","reference_id":"GHSA-m2wj-r6g3-fxfx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2wj-r6g3-fxfx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx","reference_id":"GHSA-m2wj-r6g3-fxfx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940365?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940366?format=json","purl":"pkg:deb/debian/symfony@5.4.31%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.31%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46733","GHSA-m2wj-r6g3-fxfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hh3-16j3-4yaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17417?format=json","vulnerability_id":"VCID-8kq8-2mv9-s3ad","summary":"Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient\n### Description\n\nWhen using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration.\n\n### Resolution\n\nThe `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks.\n\nThe fisrt patch for this issue is available [here](https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b) for branch 5.4.\n\nThe second one is available [here](https://github.com/symfony/symfony/commit/b4bf5afdbdcb2fd03da513ee03beeabeb551e5fa) for branch 5.4 also.\n\n### Credits\n\nWe would like to thank Linus Karlsson and Chris Smith for reporting the issue and Nicolas Grekas for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58257","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58281","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58259","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.58205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00361","scoring_system":"epss","scoring_elements":"0.5823","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66224","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66065","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66079","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66088","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66099","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66075","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6612","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66163","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66135","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66214","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50342"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-client/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50342.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:26Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50342"},{"reference_url":"https://symfony.com/cve-2024-50342","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50342"},{"reference_url":"https://github.com/advisories/GHSA-9c3x-r3wp-mgxm","reference_id":"GHSA-9c3x-r3wp-mgxm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c3x-r3wp-mgxm"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940368?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940371?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50342","GHSA-9c3x-r3wp-mgxm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kq8-2mv9-s3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16989?format=json","vulnerability_id":"VCID-en6a-wp7q-fbfs","summary":"Symfony allows changing the environment through a query\n### Description\n\nWhen the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.\n\n### Resolution\n\nThe `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa) for branch 5.4.\n\n### Credits\n\nWe would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99373","published_at":"2026-04-09T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99386","published_at":"2026-05-15T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99385","published_at":"2026-05-12T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99382","published_at":"2026-05-11T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99381","published_at":"2026-05-09T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99379","published_at":"2026-05-07T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99378","published_at":"2026-05-05T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99377","published_at":"2026-04-24T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99375","published_at":"2026-04-12T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99368","published_at":"2026-04-02T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.9937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99374","published_at":"2026-04-13T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99371","published_at":"2026-04-07T12:55:00Z"},{"value":"0.85618","scoring_system":"epss","scoring_elements":"0.99372","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50340"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:27:34Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50340"},{"reference_url":"https://symfony.com/cve-2024-50340","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50340"},{"reference_url":"https://github.com/advisories/GHSA-x8vp-gf4q-mw5j","reference_id":"GHSA-x8vp-gf4q-mw5j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8vp-gf4q-mw5j"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940368?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940369?format=json","purl":"pkg:deb/debian/symfony@6.4.14%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.14%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50340","GHSA-x8vp-gf4q-mw5j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-en6a-wp7q-fbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7043?format=json","vulnerability_id":"VCID-hzwd-mq3r-qfcb","summary":"Uncontrolled Resource Consumption\nThe Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64949","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64794","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64806","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64803","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64783","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64831","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64875","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64845","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64866","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64922","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64932","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64663","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64763","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64781","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64769","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64779","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64789","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5958"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml"},{"reference_url":"https://github.com/symfony/polyfill/pull/155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/polyfill/pull/155"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/issues/11522","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/issues/11522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5958"},{"reference_url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-cr49-fx2v-9p57","reference_id":"GHSA-cr49-fx2v-9p57","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr49-fx2v-9p57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-5958","GHSA-cr49-fx2v-9p57"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hzwd-mq3r-qfcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20306?format=json","vulnerability_id":"VCID-kgu6-gj5d-7bfx","summary":"Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows\n### Summary\nThe Symfony Process component did not correctly treat some characters (notably `=`) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can mishandle unquoted arguments containing these characters.\n\nThis can cause the spawned process to receive corrupted/truncated arguments compared to what Symfony intended.\n\n### Impact\nIf an application (or tooling such as Composer scripts) uses Symfony Process to invoke file-management commands (e.g. `rmdir`, `del`, etc.) with a path argument containing `=`, the MSYS2 conversion layer may alter the argument at runtime. In affected setups this can result in operations being performed on an unintended path, up to and including deletion of the contents of a broader directory or drive.\n\nThe issue is particularly relevant when untrusted input can influence process arguments (directly or indirectly, e.g. via repository paths, extracted archive paths, temporary directories, or user-controlled configuration).\n\n### Resolution\nUpgrade to a Symfony release that includes the fix from symfony/symfony#63164 (which updates Windows argument escaping to ensure arguments containing = and other MSYS2-sensitive characters are properly quoted/escaped).\nThe patch for branch 5.4 is available at https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b\n\n### Workarounds / Mitigations\nAvoid running PHP/your tooling from MSYS2-based shells on Windows; prefer cmd.exe or PowerShell for workflows that spawn native executables.\nAvoid passing paths containing `=` (and similar MSYS2-sensitive characters) to Symfony Process when operating under Git Bash/MSYS2.\nWhere applicable, configure MSYS2 to disable or restrict argument conversion (e.g. via `MSYS2_ARG_CONV_EXCL`), understanding this may affect other tooling behavior.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00716","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00719","published_at":"2026-04-02T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0093","published_at":"2026-05-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00935","published_at":"2026-05-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00942","published_at":"2026-05-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00945","published_at":"2026-05-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0095","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00956","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00952","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00949","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00892","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00895","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00894","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00899","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0091","published_at":"2026-04-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00938","published_at":"2026-05-15T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00911","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00913","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24739"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/35203939050e5abd3caf2202113b00cab5d379b3"},{"reference_url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/commit/ec154f6f95f8c60f831998ec4d246a857e9d179b"},{"reference_url":"https://github.com/symfony/symfony/issues/62921","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/issues/62921"},{"reference_url":"https://github.com/symfony/symfony/pull/63164","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/pull/63164"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T16:03:49Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-r39x-jcww-82v6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24739"},{"reference_url":"https://github.com/advisories/GHSA-r39x-jcww-82v6","reference_id":"GHSA-r39x-jcww-82v6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r39x-jcww-82v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2026-24739","GHSA-r39x-jcww-82v6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgu6-gj5d-7bfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11637?format=json","vulnerability_id":"VCID-kqcd-f4vt-r7g8","summary":"Session Fixation\n`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65066","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64883","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.649","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64863","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64911","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64896","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64903","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.6495","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64992","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64962","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64982","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65039","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65049","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64778","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41268"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://symfony.com/cve-2021-41268","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-41268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268","reference_id":"CVE-2021-41268","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41268"},{"reference_url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qw36-p97w-vcqr"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr","reference_id":"GHSA-qw36-p97w-vcqr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41268","GHSA-qw36-p97w-vcqr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqcd-f4vt-r7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11632?format=json","vulnerability_id":"VCID-n3d2-zwve-gbf5","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\n`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64362","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64126","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64177","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64193","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64195","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64202","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64213","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64201","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64221","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64206","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64249","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64295","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64262","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64287","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6434","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64347","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64139","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64166","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41267"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml"},{"reference_url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487"},{"reference_url":"https://github.com/symfony/symfony/pull/44243","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/pull/44243"},{"reference_url":"https://github.com/symfony/symfony/releases/tag/v5.3.12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/releases/tag/v5.3.12"},{"reference_url":"https://symfony.com/cve-2021-41267","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2021-41267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267","reference_id":"CVE-2021-41267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41267"},{"reference_url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3j3-w37x-hq2q"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q","reference_id":"GHSA-q3j3-w37x-hq2q","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41267","GHSA-q3j3-w37x-hq2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3d2-zwve-gbf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17463?format=json","vulnerability_id":"VCID-pdcr-fsbk-63bx","summary":"Symfony's `Security::login` does not take into account custom `user_checker`\n### Description\n\nThe custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to  unwanted login.\n\n### Resolution\n\nThe `Security::login` method now ensure to call the configured `user_checker`.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105) for branch 6.4.\n\n### Credits\n\nWe would like to thank Oleg Andreyev, Antoine MAKDESSI for reporting the issue and Christian Flothmann for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3453","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34984","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3501","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3489","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34935","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34932","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34909","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34947","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3493","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34886","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34543","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34413","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34483","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3452","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34415","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34441","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3451","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50341"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:26:59Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50341"},{"reference_url":"https://symfony.com/cve-2024-50341","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-50341"},{"reference_url":"https://github.com/advisories/GHSA-jxgr-3v7q-3w9v","reference_id":"GHSA-jxgr-3v7q-3w9v","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jxgr-3v7q-3w9v"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940370?format=json","purl":"pkg:deb/debian/symfony@6.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-50341","GHSA-jxgr-3v7q-3w9v"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdcr-fsbk-63bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12454?format=json","vulnerability_id":"VCID-qwcj-hq3g-2qd7","summary":"Cross-Site Request Forgery (CSRF)\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled. In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks. This issue has been resolved in the patch versions listed and users are advised to update. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3841","published_at":"2026-05-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38787","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38758","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38678","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38521","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38496","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38407","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38288","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38358","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38369","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3828","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38305","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3838","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38387","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38797","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23601"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-23601.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50"},{"reference_url":"https://symfony.com/cve-2022-23601","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2022-23601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601","reference_id":"CVE-2022-23601","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23601"},{"reference_url":"https://github.com/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvmr-8829-6whx"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx","reference_id":"GHSA-vvmr-8829-6whx","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:46Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-vvmr-8829-6whx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-23601","GHSA-vvmr-8829-6whx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcj-hq3g-2qd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17314?format=json","vulnerability_id":"VCID-sbsb-u8u5-4bcm","summary":"Symfony has an Authentication Bypass via RememberMe\n### Description\n\nWhen consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.\n\n### Resolution\n\nThe `PersistentRememberMeHandler` class now ensures the submitted username is the cookie owner.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a) for branch 5.4.\n\n### Credits\n\nWe would like to thank Moritz Rauch - Pentryx AG for reporting the issue and Jérémy Derussé for providing the fix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20333","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25113","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25158","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25272","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.252","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2519","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25108","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25097","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25052","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2493","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24994","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25053","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24981","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25001","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25078","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51996"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51996"},{"reference_url":"https://symfony.com/cve-2024-51996","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2024-51996"},{"reference_url":"https://github.com/advisories/GHSA-cg23-qf8f-62rr","reference_id":"GHSA-cg23-qf8f-62rr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cg23-qf8f-62rr"},{"reference_url":"https://usn.ubuntu.com/7272-1/","reference_id":"USN-7272-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7272-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940374?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940371?format=json","purl":"pkg:deb/debian/symfony@6.4.15%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.15%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-51996","GHSA-cg23-qf8f-62rr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbsb-u8u5-4bcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19767?format=json","vulnerability_id":"VCID-znfv-ngqc-fudw","summary":"Cross-site scripting\nSymfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now does not return any user-submitted input in its response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735","reference_id":"","reference_type":"","scores":[{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85432","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85428","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85365","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.85396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02516","scoring_system":"epss","scoring_elements":"0.8541","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86411","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86515","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86479","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86466","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86469","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.8645","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86414","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86404","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86385","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86526","published_at":"2026-05-16T12:55:00Z"},{"value":"0.02911","scoring_system":"epss","scoring_elements":"0.86524","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46735"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46735","reference_id":"CVE-2023-46735","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46735"},{"reference_url":"https://symfony.com/cve-2023-46735","reference_id":"CVE-2023-46735","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/cve-2023-46735"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml","reference_id":"CVE-2023-46735.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml"},{"reference_url":"https://github.com/advisories/GHSA-72x2-5c85-6wmr","reference_id":"GHSA-72x2-5c85-6wmr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72x2-5c85-6wmr"},{"reference_url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr","reference_id":"GHSA-72x2-5c85-6wmr","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/"}],"url":"https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940346?format=json","purl":"pkg:deb/debian/symfony@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940343?format=json","purl":"pkg:deb/debian/symfony@4.4.19%2Bdfsg-2%2Bdeb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p1dw-w76f-gbfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@4.4.19%252Bdfsg-2%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940341?format=json","purl":"pkg:deb/debian/symfony@5.4.23%2Bdfsg-1%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@5.4.23%252Bdfsg-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940345?format=json","purl":"pkg:deb/debian/symfony@6.4.21%2Bdfsg-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@6.4.21%252Bdfsg-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940344?format=json","purl":"pkg:deb/debian/symfony@7.4.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1000493?format=json","purl":"pkg:deb/debian/symfony@7.4.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103085?format=json","purl":"pkg:deb/debian/symfony@7.4.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1108348?format=json","purl":"pkg:deb/debian/symfony@7.4.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@7.4.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46735","GHSA-72x2-5c85-6wmr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znfv-ngqc-fudw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/symfony@0%3Fdistro=trixie"}