VulnerableCode Package Details - pkg:composer/symfony/symfony@3.4.35

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-718a-9ndd-syex	Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).	CVE-2019-18888 GHSA-xhh6-956q-4q69
VCID-qr3v-jkjd-qfb1	Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.	CVE-2019-18889 GHSA-79gr-58r3-pwm3
VCID-s3ep-tgah-aud1	Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.	CVE-2019-18887 GHSA-q8hg-pf8v-cxrv

Vulnerability

Summary

Aliases

VCID-718a-9ndd-syex

Argument injection in a MimeTypeGuesser in Symfony An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

CVE-2019-18888
GHSA-xhh6-956q-4q69

VCID-qr3v-jkjd-qfb1

Symfony Unsafe Cache Serialization Could Enable RCE An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

CVE-2019-18889
GHSA-79gr-58r3-pwm3

VCID-s3ep-tgah-aud1

Symfony Http-Kernel has non-constant time comparison in UriSigner When checking the signature of an URI (an ESI fragment URL for instance), the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability.

CVE-2019-18887
GHSA-q8hg-pf8v-cxrv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T14:31:32.358854+00:00	GHSA Importer	Fixing	VCID-s3ep-tgah-aud1	https://github.com/advisories/GHSA-q8hg-pf8v-cxrv	36.1.3
2025-07-01T14:29:58.865810+00:00	GHSA Importer	Fixing	VCID-718a-9ndd-syex	https://github.com/advisories/GHSA-xhh6-956q-4q69	36.1.3
2025-07-01T14:29:58.759159+00:00	GHSA Importer	Fixing	VCID-qr3v-jkjd-qfb1	https://github.com/advisories/GHSA-79gr-58r3-pwm3	36.1.3
2025-07-01T12:24:49.887506+00:00	GithubOSV Importer	Fixing	VCID-s3ep-tgah-aud1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-q8hg-pf8v-cxrv/GHSA-q8hg-pf8v-cxrv.json	36.1.3
2025-07-01T12:21:55.823272+00:00	GithubOSV Importer	Fixing	VCID-718a-9ndd-syex	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-xhh6-956q-4q69/GHSA-xhh6-956q-4q69.json	36.1.3
2025-07-01T12:21:54.402249+00:00	GithubOSV Importer	Fixing	VCID-qr3v-jkjd-qfb1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-79gr-58r3-pwm3/GHSA-79gr-58r3-pwm3.json	36.1.3