symfony/symfony vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the symfony/symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Authentication Bypass

>=5.3.0, <5.4.47>=6.0.0-BETA1, <6.4.15>=7.0.0-BETA1, <7.1.8
  • M
Access Restriction Bypass

<5.4.46>=6.0.0-BETA1, <6.4.14>=7.0.0-BETA1, <7.1.7
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

>=6.3.0, <6.3.8
  • M
Session Fixation

>=5.4.21, <5.4.31>=6.2.7, <6.3.8
  • M
Cross-site Scripting (XSS)

>=2.0.0, <4.4.51>=5.0.0, <5.4.31>=6.0.0, <6.3.8
  • M
Cross-site Scripting (XSS)

<2.6.4
  • H
Authentication Bypass

>=2.0.0, <4.4.50>=5.0.0, <5.4.20>=6.0.0, <6.0.20>=6.1.0, <6.1.12>=6.2.0, <6.2.6
  • M
Improper Authentication

>=5.3.0, <5.3.12
  • M
HTTP Request Smuggling

>=5.2.0, <5.3.12
  • M
CSV Injection

>=5.0.0, <5.3.12>=4.1.0, <4.4.35
  • M
Information Exposure

>=2.8.0, <3.4.48>=4.0.0, <4.4.23>=5.0.0, <5.2.8
  • L
Denial of Service

>=4.4.0, <4.4.7>=5.0.0, <5.0.7
  • M
Information Exposure

>=4.4.0, <4.4.4>=5.0.0, <5.0.4
  • H
Improper Authorization

>=4.4.0, <4.4.7
  • M
Timing Attack

>=2.8.0, <2.8.52>=3.4.0, <3.4.35>=4.2.0, <4.2.12>=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=3.4.0, <3.4.35>=4.2.0, <4.2.12>=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=2.8.0, <2.8.52>=3.4.0, <3.4.35>=4.2.0, <4.2.11>=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=4.2.0, <4.2.12>=4.3.0, <4.3.8
  • M
User Enumeration

>=4.2.0, <4.2.12>=4.3.0, <4.3.8
  • M
Improper Input Validation

>=2.7.0, <2.7.51>=2.8.0, <2.8.50>=4.0.0, <4.1.0>=3.4.0, <3.4.26>=3.1.0, <3.2.0>=4.1.0, <4.1.12>=3.0.0, <3.1.0>=3.3.0, <3.4.0>=3.2.0, <3.3.0
  • M
Cross-site Scripting (XSS)

>=2.7.0, <2.7.51>=2.8.0, <2.8.50>=4.0.0, <4.1.0>=3.4.0, <3.4.26>=3.1.0, <3.2.0>=4.1.0, <4.1.12>=3.0.0, <3.1.0>=3.3.0, <3.4.0>=3.2.0, <3.3.0
  • M
Deserialization of Untrusted Data

>=2.8.0, <2.8.50>=4.0.0, <4.1.0>=3.4.0, <3.4.26>=3.1.0, <3.2.0>=4.1.0, <4.1.12>=3.0.0, <3.1.0>=3.3.0, <3.4.0>=3.2.0, <3.3.0
  • M
Access Control Bypass

>=2.7.0, <2.7.51>=2.8.0, <2.8.50>=4.0.0, <4.1.0>=3.4.0, <3.4.26>=3.1.0, <3.2.0>=4.1.0, <4.1.12>=3.0.0, <3.1.0>=3.3.0, <3.4.0>=3.2.0, <3.3.0
  • M
Arbitrary Code Execution

>=2.7.0, <2.7.51>=2.8.0, <2.8.50>=4.0.0, <4.1.0>=3.4.0, <3.4.26>=3.1.0, <3.2.0>=4.1.0, <4.1.12>=3.0.0, <3.1.0>=3.3.0, <3.4.0>=3.2.0, <3.3.0
  • M
Information Exposure

>=2.7.38, <2.7.50>=2.8.0, <2.8.49>=3.0.0, <3.4.20>=4.0.0, <4.0.15>=4.1.0, <4.1.9>=4.2.0, <4.2.1
  • M
Open Redirect

>=2.7.0, <2.7.50>=2.8.0, <2.8.49>=3.0.0, <3.4.20>=4.0.0, <4.0.15>=4.1.0, <4.1.9
  • H
Host Header Injection

<2.7.49>=2.8.0, <2.8.44>=3.3.0, <3.3.18>=3.4.0, <3.4.14>=4.0.0, <4.0.14>=4.1.0, <4.1.2
  • M
Access Restriction Bypass

>=2.7, <2.7.49>=2.8, <2.8.44>=3, <3.3.18>=3.4, <3.4.14>=4, <4.0.14>=4.1, <4.1.3
  • M
Cross-site Scripting (XSS)

<2.7.33>=2.8.0, <2.8.26>=3.0.0, <3.2.13>=3.3.0, <3.3.6
  • M
Cross-site Scripting (XSS)

<4.1
  • M
Cross-site Scripting (XSS)

<2.7.7
  • H
Session Fixation

<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
  • M
Open Redirect

<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
  • H
CSRF Token Fixation

<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
  • C
Access Restriction Bypass

<2.8.37>=3.0.0, <3.3.17>=3.4.0, <3.4.7>=4.0.0, <4.0.7
  • M
Denial of Service (DoS)

<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
  • M
Open Redirect

>=2.7.0, <2.7.38>=2.8.0, <2.8.31>=3, <3.1.0>=3.1.0, <3.2.0>=3.2.0, <3.2.14>=3.3.0, <3.3.13>=3.4-BETA0, <3.4-BETA5>=4.0-BETA0, <4.0-BETA5
  • H
Directory Traversal

>=2.7.0, <2.7.38>=2.8.0, <2.8.31>=3, <3.1.0>=3.1.0, <3.2.0>=3.2.0, <3.2.14>=3.3.0, <3.3.13>=3.4-BETA0, <3.4-BETA5>=4.0-BETA0, <4.0-BETA5
  • M
Information Exposure

>=2.7.0, <2.7.38>=2.8.0, <2.8.31>=3, <3.1.0>=3.1.0, <3.2.0>=3.2.0, <3.2.14>=3.3.0, <3.3.13>=3.4-BETA0, <3.4-BETA5>=4.0-BETA0, <4.0-BETA5
  • M
Cross-site Request Forgery (CSRF)

>=2.7.0, <2.7.38>=2.8.0, <2.8.31>=3.0.0, <3.1.0>=3.1.0, <3.2.0>=3.2.0, <3.2.14>=3.3.0, <3.3.13>=3.4-BETA0, <3.4-BETA5>=4.0-BETA0, <4.0-BETA5
  • C
Access Restriction Bypass

>=2.7.30, <2.7.32>=2.8.23, <2.8.25>=3.2.10, <3.2.12>=3.3.3, <3.3.5
  • C
Access Restriction Bypass

>=3.0.0, <3.0.6>=2.8.0, <2.8.6
  • H
Denial of Service (DoS)

>=2.3.0, <2.3.41>=2.6.0, <2.7.0>=2.4.0, <2.5.0>=2.7.0, <2.7.13>=2.5.0, <2.6.0>=2.8.0, <2.8.6>=3.0.0, <3.0.6
  • H
Insecure Randomness

>=2.3.0, <2.3.37>=2.6.0, <2.6.13>=2.4.0, <2.5.0>=2.7.0, <2.7.9>=2.5.0, <2.6.0
  • H
Timing Attack

>=2.3.0, <2.3.35>=2.6.0, <2.6.12>=2.4.0, <2.5.0>=2.7.0, <2.7.7>=2.5.0, <2.6.0
  • M
Session Fixation

>=2.3.0, <2.3.35>=2.6.0, <2.6.12>=2.4.0, <2.5.0>=2.7.0, <2.7.7>=2.5.0, <2.6.0
  • M
Access Restriction Bypass

>=2.3.19, <2.3.29>=2.6.0, <2.6.8>=2.4.9, <2.5.0>=2.5.4, <2.5.12
  • M
Arbitrary Code Injection

>=2.3.0, <2.3.27>=2.6.0, <2.6.6>=2.1.0, <2.2.0>=2.4.0, <2.5.0>=2.5.0, <2.5.11>=2.2.0, <2.3.0>=2, <2.1.0
  • M
Man-in-the-Middle (MitM)

>=2, <2.3.27>=2.4.0, <2.5.11>=2.6.0, <2.6.6
  • M
Cross-site Request Forgery (CSRF)

>=2.3.0, <2.3.19>=2.1.0, <2.2.0>=2.4.0, <2.4.9>=2.5.0, <2.5.4>=2.2.0, <2.3.0>=2, <2.1.0
  • L
Information Exposure

>=2.3.0, <2.3.19>=2.1.0, <2.2.0>=2.4.0, <2.4.9>=2.5.0, <2.5.4>=2.2.0, <2.3.0<2.1.0
  • L
Authentication Bypass

>=2.3.0, <2.3.19>=2.1.0, <2.2.0>=2.4.0, <2.4.9>=2.5.0, <2.5.4>=2.2.0, <2.3.0>=2, <2.1.0
  • M
Denial of Service (DoS)

>=2.0.4, <2.3.19>=2.4.0, <2.4.9>=2.5.0, <2.5.4
  • M
Arbitrary Code Injection

>=2.3.0, <2.3.18>=2.1.0, <2.2.0>=2.4.0, <2.4.8>=2.5.0, <2.5.2>=2.2.0, <2.3.0<2.1.0
  • M
Denial of Service (DoS)

>=2, <2.0.25>=2.1.0, <2.1.13>=2.2.0, <2.2.9>=2.3.0, <2.3.6
  • H
HTTP Host Header Poisoning

>=2.3.0, <2.3.3>=2.1.0, <2.1.12>=2.2.0, <2.2.5>=2, <2.0.24
  • L
Loss of Information

>=2.3.0, <2.3.3>=2.1.0, <2.1.12>=2.2.0, <2.2.5>=2, <2.0.24
  • H
Arbitrary Code Execution

>=2.1.0, <2.1.7>=2, <2.0.22
  • H
Arbitrary Code Execution

>=2, <2.0.22
  • M
Arbitrary Code Execution

>=2.1.0, <2.1.5<2.0.20
  • M
Access Restriction Bypass

>=2.1.0, <2.1.4>=2.0.0, <2.0.19
  • M
Access Restriction Bypass

<2.0.6
  • H
XML External Entity (XXE) Injection

<2.0.17
  • M
Path Disclosure

<2.1.0
  • H
XML External Entity (XXE) Injection

<2.0.11