VulnerableCode Package Details - pkg:composer/symfony/framework-bundle@2.3.18

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-zry9-awfb-hqab	Code injection in the way Symfony implements translation caching in FrameworkBundle When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance); You don't sanitize locales coming from a URL (any route with a _locale argument for instance): When vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That's because the locale value is dumped into a PHP file generated in the cache without being sanitized first.	CVE-2014-4931 GHSA-wfv7-5x33-v22h

Vulnerability

Summary

Aliases

VCID-zry9-awfb-hqab

Code injection in the way Symfony implements translation caching in FrameworkBundle When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance); You don't sanitize locales coming from a URL (any route with a _locale argument for instance): When vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That's because the locale value is dumped into a PHP file generated in the cache without being sanitized first.

CVE-2014-4931
GHSA-wfv7-5x33-v22h

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T14:35:00.487731+00:00	GHSA Importer	Fixing	VCID-zry9-awfb-hqab	https://github.com/advisories/GHSA-wfv7-5x33-v22h	36.1.3
2025-07-01T12:11:30.020342+00:00	GithubOSV Importer	Fixing	VCID-zry9-awfb-hqab	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wfv7-5x33-v22h/GHSA-wfv7-5x33-v22h.json	36.1.3

2025-07-01T14:35:00.487731+00:00

GHSA Importer

Fixing

VCID-zry9-awfb-hqab

https://github.com/advisories/GHSA-wfv7-5x33-v22h

36.1.3

2025-07-01T12:11:30.020342+00:00

GithubOSV Importer

Fixing

VCID-zry9-awfb-hqab

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wfv7-5x33-v22h/GHSA-wfv7-5x33-v22h.json

36.1.3