VulnerableCode Package Details - pkg:composer/symfony/symfony@2.8.52

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-718a-9ndd-syex	Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).	CVE-2019-18888 GHSA-xhh6-956q-4q69
VCID-s3ep-tgah-aud1	Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.	CVE-2019-18887 GHSA-q8hg-pf8v-cxrv

Vulnerability

Summary

Aliases

VCID-718a-9ndd-syex

Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

CVE-2019-18888
GHSA-xhh6-956q-4q69

VCID-s3ep-tgah-aud1

Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.

CVE-2019-18887
GHSA-q8hg-pf8v-cxrv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T13:54:54.213721+00:00	GitLab Importer	Fixing	VCID-s3ep-tgah-aud1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2019-18887.yml	36.1.3
2025-07-03T13:54:53.887725+00:00	GitLab Importer	Fixing	VCID-718a-9ndd-syex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2019-18888.yml	36.1.3
2025-07-01T14:31:32.483303+00:00	GHSA Importer	Fixing	VCID-s3ep-tgah-aud1	https://github.com/advisories/GHSA-q8hg-pf8v-cxrv	36.1.3
2025-07-01T14:29:58.787182+00:00	GHSA Importer	Fixing	VCID-718a-9ndd-syex	https://github.com/advisories/GHSA-xhh6-956q-4q69	36.1.3
2025-07-01T12:24:49.843177+00:00	GithubOSV Importer	Fixing	VCID-s3ep-tgah-aud1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-q8hg-pf8v-cxrv/GHSA-q8hg-pf8v-cxrv.json	36.1.3
2025-07-01T12:21:55.775480+00:00	GithubOSV Importer	Fixing	VCID-718a-9ndd-syex	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-xhh6-956q-4q69/GHSA-xhh6-956q-4q69.json	36.1.3