{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19095?format=json","vulnerability_id":"VCID-neyj-8fkw-fyb7","summary":"Symfony XML decoding attack vector through external entities\nThe XMLEncoder component of Symfony 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system.","aliases":[{"alias":"GHSA-mmcv-fvq8-r9x3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20037?format=json","purl":"pkg:composer/symfony/symfony@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.11"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20036?format=json","purl":"pkg:composer/symfony/symfony@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/147931?format=json","purl":"pkg:composer/symfony/symfony@2.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/147932?format=json","purl":"pkg:composer/symfony/symfony@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-742s-vczp-tuh1"},{"vulnerability":"VCID-7ms4-3hc6-8bgv"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/20121?format=json","purl":"pkg:composer/symfony/symfony@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/147933?format=json","purl":"pkg:composer/symfony/symfony@2.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/147934?format=json","purl":"pkg:composer/symfony/symfony@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/147935?format=json","purl":"pkg:composer/symfony/symfony@2.0.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23wm-y6hh-hfd3"},{"vulnerability":"VCID-2hua-7wbd-tqbx"},{"vulnerability":"VCID-446x-j2gr-f3a2"},{"vulnerability":"VCID-4num-z8cg-83gt"},{"vulnerability":"VCID-556v-rym3-6yax"},{"vulnerability":"VCID-6cea-up73-y3hn"},{"vulnerability":"VCID-6z5x-uwjt-uueq"},{"vulnerability":"VCID-71vh-7wte-kfcx"},{"vulnerability":"VCID-9bzz-84cq-ykh2"},{"vulnerability":"VCID-ahhz-bs6u-f3bc"},{"vulnerability":"VCID-bdhj-np35-sybt"},{"vulnerability":"VCID-bhfu-7788-fbhc"},{"vulnerability":"VCID-bny7-h1nn-bkbc"},{"vulnerability":"VCID-c8ar-82sr-fqej"},{"vulnerability":"VCID-d1kp-7aht-9qa2"},{"vulnerability":"VCID-fgxs-w84s-8kh3"},{"vulnerability":"VCID-hzwd-mq3r-qfcb"},{"vulnerability":"VCID-jdsd-3vnz-uygn"},{"vulnerability":"VCID-jjqk-u4vs-tbba"},{"vulnerability":"VCID-k37h-bhh2-myaj"},{"vulnerability":"VCID-k8ze-h7fe-fkg2"},{"vulnerability":"VCID-kgu6-gj5d-7bfx"},{"vulnerability":"VCID-neyj-8fkw-fyb7"},{"vulnerability":"VCID-nsk8-bk5e-tbfh"},{"vulnerability":"VCID-p1dw-w76f-gbfv"},{"vulnerability":"VCID-qty4-cyfa-rugw"},{"vulnerability":"VCID-qwcj-hq3g-2qd7"},{"vulnerability":"VCID-rgh3-ef8t-k3ec"},{"vulnerability":"VCID-rxbg-gmn6-kbeq"},{"vulnerability":"VCID-rztj-ug83-dyga"},{"vulnerability":"VCID-sfzy-423b-j3b4"},{"vulnerability":"VCID-skth-cf6d-3ubr"},{"vulnerability":"VCID-srrc-wxew-1fc6"},{"vulnerability":"VCID-thtp-ehsj-t3ej"},{"vulnerability":"VCID-u84h-sr6a-4uc7"},{"vulnerability":"VCID-unuf-vj1b-qbhr"},{"vulnerability":"VCID-wwhm-mrr3-v7h3"},{"vulnerability":"VCID-xmur-ps51-myfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.0.10"}],"references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-02-24.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/2012-02-24.yaml"},{"reference_url":"https://github.com/symfony/symfony","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony"},{"reference_url":"https://github.com/symfony/symfony/commit/3e64d36cbdc34acaa82e0e6318112cd2eacb6fec","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/symfony/symfony/commit/3e64d36cbdc34acaa82e0e6318112cd2eacb6fec"},{"reference_url":"https://symfony.com/blog/security-release-symfony-2-0-11-released","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://symfony.com/blog/security-release-symfony-2-0-11-released"},{"reference_url":"https://github.com/advisories/GHSA-mmcv-fvq8-r9x3","reference_id":"GHSA-mmcv-fvq8-r9x3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mmcv-fvq8-r9x3"}],"weaknesses":[{"cwe_id":502,"name":"Deserialization of Untrusted Data","description":"The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-neyj-8fkw-fyb7"}