Search for packages
Package details: pkg:composer/symfony/mime@4.3.0
purl pkg:composer/symfony/mime@4.3.0
Next non-vulnerable version 4.3.8
Latest non-vulnerable version 4.3.8
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-718a-9ndd-syex
Aliases:
CVE-2019-18888
GHSA-xhh6-956q-4q69
Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).
4.3.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T17:37:28.124216+00:00 GitLab Importer Affected by VCID-718a-9ndd-syex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/mime/CVE-2019-18888.yml 37.0.0
2025-07-03T13:54:53.812059+00:00 GitLab Importer Affected by VCID-718a-9ndd-syex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/mime/CVE-2019-18888.yml 36.1.3
2025-07-01T14:29:58.976278+00:00 GHSA Importer Affected by VCID-718a-9ndd-syex https://github.com/advisories/GHSA-xhh6-956q-4q69 36.1.3