Search for packages
Package details: pkg:composer/symfony/yaml@2.0.17
purl pkg:composer/symfony/yaml@2.0.17
Next non-vulnerable version 2.0.22
Latest non-vulnerable version 2.1.7
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-pm5w-g66m-sybw
Aliases:
CVE-2013-1348
GHSA-2r5h-6r7v-5m7c
Symphony Vulnerable to PHP Code Injection via YAML Parsing The `Yaml::parse` function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
2.0.22
Affected by 0 other vulnerabilities.
VCID-s2at-s4ej-rfdw
Aliases:
CVE-2013-1397
GHSA-7w53-hfpw-rg3g
Symfony Arbitrary PHP code Execution Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348.
2.0.22
Affected by 0 other vulnerabilities.
2.1.7
Affected by 0 other vulnerabilities.
2.2.0-BETA2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T18:19:33.630214+00:00 GitLab Importer Affected by VCID-s2at-s4ej-rfdw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/yaml/CVE-2013-1397.yml 37.0.0
2025-07-03T17:12:46.622925+00:00 GitLab Importer Affected by VCID-pm5w-g66m-sybw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/yaml/CVE-2013-1348.yml 37.0.0