{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13601?format=json","vulnerability_id":"VCID-59sy-m44r-h3gn","summary":"SQL Injection\nIn Symfony, HTTP methods provided as verbs or via the override header may be treated as trusted input although they are not validated, possibly causing SQL injection or XSS.","aliases":[{"alias":"CVE-2019-10913"},{"alias":"GHSA-x92h-wmg2-6hp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57000?format=json","purl":"pkg:composer/symfony/http-foundation@2.7.51","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/57001?format=json","purl":"pkg:composer/symfony/http-foundation@2.8.50","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/57002?format=json","purl":"pkg:composer/symfony/http-foundation@3.4.26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74438?format=json","purl":"pkg:composer/symfony/http-foundation@4.1.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57003?format=json","purl":"pkg:composer/symfony/http-foundation@4.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57015?format=json","purl":"pkg:composer/symfony/symfony@2.7.51","is_vulnerable":false,"affected_by_vulnerabilities"
:[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.51"},{"url":"http://public2.vulnerablecode.io/api/packages/57016?format=json","purl":"pkg:composer/symfony/symfony@2.8.50","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.50"},{"url":"http://public2.vulnerablecode.io/api/packages/57017?format=json","purl":"pkg:composer/symfony/symfony@3.4.26","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.4.26"},{"url":"http://public2.vulnerablecode.io/api/packages/74356?format=json","purl":"pkg:composer/symfony/symfony@4.1.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57018?format=json","purl":"pkg:composer/symfony/symfony@4.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.7"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56998?format=json","purl":"pkg:composer/symfony/http-foundation@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56999?format=json","purl":"pkg:composer/symfony/http-foundation@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54840?format=json","purl":"p
kg:composer/symfony/http-foundation@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54841?format=json","purl":"pkg:composer/symfony/http-foundation@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-yasp-usps-xkc3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/74439?format=json","purl":"pkg:composer/symfony/http-foundation@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/51364?format=json","purl":"pkg:composer/symfony/symfony@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s54-qwaj-dbg5"},{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-d4ry-msw9-17gu"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-vmr4-cut4-2fe6"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54836?format=json","purl":"pkg:composer/symfony/symfony@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vul
nerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54808?format=json","purl":"pkg:composer/symfony/symfony@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-6bdp-9ng3-uyb1"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-h377-gc9v-abep"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jya9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54809?format=json","purl":"pkg:composer/symfony/symfony@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-7cdk-bmdh-2fde"},{"vulnerability":"VCID-8627-nvyk-w7fu"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kx25-m1mp-zfay"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-mbd5-rsax-jy
a9"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-n4kq-nskp-1qar"},{"vulnerability":"VCID-tpgm-tx2g-4bh2"},{"vulnerability":"VCID-vysf-2cxd-zqe2"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-wnu2-cmrt-bkhr"},{"vulnerability":"VCID-x8xk-7pga-33hz"},{"vulnerability":"VCID-yasp-usps-xkc3"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56132?format=json","purl":"pkg:composer/symfony/symfony@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-59sy-m44r-h3gn"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-a9gt-63v3-vbdf"},{"vulnerability":"VCID-kw21-fsjq-mbb4"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-n1c7-yabu-jye7"},{"vulnerability":"VCID-w8s1-z3hu-8beh"},{"vulnerability":"VCID-zmrn-3fbj-gqcm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.2.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49262","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10913"},{"reference_url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8ec"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10913"},{"reference_url":"https://symfony.com/cve-2019-10913","reference_id":"CVE-2019-10913","reference_type":"","scores":[],"url":"https://symfony.com/cve-2019-10913"},{"reference_url":"https://symfony.com/blog/cve-20
19-10913-reject-invalid-http-method-overrides","reference_id":"CVE-2019-10913-REJECT-INVALID-HTTP-METHOD-OVERRIDES","reference_type":"","scores":[],"url":"https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml","reference_id":"CVE-2019-10913.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10913.yaml"},{"reference_url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7","reference_id":"GHSA-x92h-wmg2-6hp7","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x92h-wmg2-6hp7"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a 
downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59sy-m44r-h3gn"}