VulnerableCode Package Details - pkg:composer/symfony/symfony@2.2.5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dk97-6ha4-u7ek	Symfony Host Header Injection vulnerability in the HttpFoundation component Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.	CVE-2013-4752 GHSA-22pv-7v9j-hqxp
VCID-mrwn-pp7p-ffa9	Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.	CVE-2013-4751 GHSA-q8j7-fjh7-25v5

Vulnerability

Summary

Aliases

VCID-dk97-6ha4-u7ek

Symfony Host Header Injection vulnerability in the HttpFoundation component Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.

CVE-2013-4752
GHSA-22pv-7v9j-hqxp

VCID-mrwn-pp7p-ffa9

Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.

CVE-2013-4751
GHSA-q8j7-fjh7-25v5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:09:57.823591+00:00	GitLab Importer	Fixing	VCID-dk97-6ha4-u7ek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2013-4752.yml	36.1.3
2025-07-01T14:31:54.990164+00:00	GHSA Importer	Fixing	VCID-dk97-6ha4-u7ek	https://github.com/advisories/GHSA-22pv-7v9j-hqxp	36.1.3
2025-07-01T14:31:54.594112+00:00	GHSA Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://github.com/advisories/GHSA-q8j7-fjh7-25v5	36.1.3
2025-07-01T12:27:43.522181+00:00	GithubOSV Importer	Fixing	VCID-dk97-6ha4-u7ek	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-22pv-7v9j-hqxp/GHSA-22pv-7v9j-hqxp.json	36.1.3
2025-07-01T12:27:19.575043+00:00	GithubOSV Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q8j7-fjh7-25v5/GHSA-q8j7-fjh7-25v5.json	36.1.3