{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19041?format=json","vulnerability_id":"VCID-k37h-bhh2-myaj","summary":"Symfony XML Entity Expansion security vulnerability\nSymfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no current method of disabling custom entities in PHP (i.e. defined internal to the XML document without using external entities). In a QBA, a long entity can be defined and then referred to multiple times in document elements, creating a memory sink with which Denial Of Service attacks against a host's RAM can be mounted. The use of the LIBXML_NOENT or equivalent option in a dependent extension amplified the impact (it doesn't actually mean \"No Entities\"). In addition, libxml2's innate defense against the related Exponential or Billion Laughs XEE attacks is active only so long as the LIBXML_PARSEHUGE is NOT set (it disables libxml2's hardcoded entity recursion limit). 
No instances of these two options were noted, but it's worth referencing for the future.\n\nConsider this (non-fatal) example:\n\n<?xml version=\"1.0\"?>\n<!DOCTYPE data [<!ENTITY a\n\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\">]>\n<data>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</data>\nIncrease the length of entity, and entity count to a few hundred, and peak memory usage will waste no time spiking the moment the nodeValue for is accessed since the entities will then be expanded by a simple multiplier effect. No external entities required.\n\n...\n\nThis can be used in combination with the usual XXE defense of calling libxml_disable_entity_loader(TRUE) and, optionally, the LIBXML_NONET option (should local filesystem access be allowable). 
The DOCTYPE may be removed instead of rejecting the XML outright but this would likely result in other problems with the unresolved entities.","aliases":[{"alias":"GHSA-q2gc-gg3x-7942"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20094?format=json","purl":"pkg:composer/symfony/symfony@2.0.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.17"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20036?format=json","purl":"pkg:composer/symfony/symfony@2.0.0","is_vulnerable":true,"affecte
d_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147931?format=json","purl":"pkg:composer/symfony/symfony@2.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-9bzz-84c
q-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/147932?format=json","purl":"pkg:composer/symfony/symfony@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vul
nerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20121?format=json","purl":"pkg:composer/symfony/symfony@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VC
ID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/147933?format=json","purl":"pkg:composer/symfony/symfony@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-f
yb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/147934?format=json","purl":"pkg:composer/symfony/symfony@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulner
ability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/147935?format=json","purl":"pkg:composer/symfony/symfony@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCI
D-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.10"},{"url":"http://public2.vulnerablecode.io/api/packages/20037?format=json","purl":"pkg:composer/symfony/symfony@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11"},{"url":"http://pu
blic2.vulnerablecode.io/api/packages/148013?format=json","purl":"pkg:composer/symfony/symfony@2.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/148014?format=json","purl":"pkg:composer/symfony/symfony@2.0.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"
VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/148015?format=json","purl":"pkg:composer/symfony/symfony@2.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np
35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/148016?format=json","purl":"pkg:composer/symfony/symfony@2.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"
vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/148017?format=json","purl":"pkg:composer/symfony/symfony@2.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerabilit
y":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.16"}],"references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-08-28.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/blob/2.0/CHANGELOG-2.0.md"},{"reference_url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/
C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/compare/352e8f583c87c709de197bb16c4053d2e87fd4cd...5bf4f92e86c34690d71e8f94350ec975909a435b.diff"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-17-released","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-17-released"},{"reference_url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942","reference_id":"GHSA-q2gc-gg3x-7942","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2gc-gg3x-7942"}],"weaknesses":[{"cwe_id":776,"name":"Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')","description":"The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k37h-bhh2-myaj"}