Search for packages
| purl | pkg:composer/symfony/http-kernel@2.3.38 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s3ep-tgah-aud1
Aliases: CVE-2019-18887 GHSA-q8hg-pf8v-cxrv |
Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:37:30.643930+00:00 | GitLab Importer | Affected by | VCID-s3ep-tgah-aud1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-kernel/CVE-2019-18887.yml | 37.0.0 |