symfony/symfony vulnerabilities

licenses detected
- MIT
  >=0

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the symfony/symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Authentication Bypass	>=5.3.0, <5.4.47 >=6.0.0-BETA1, <6.4.15 >=7.0.0-BETA1, <7.1.8
M Access Restriction Bypass	<5.4.46 >=6.0.0-BETA1, <6.4.14 >=7.0.0-BETA1, <7.1.7
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	>=6.3.0, <6.3.8
M Session Fixation	>=5.4.21, <5.4.31 >=6.2.7, <6.3.8
M Cross-site Scripting (XSS)	>=2.0.0, <4.4.51 >=5.0.0, <5.4.31 >=6.0.0, <6.3.8
M Cross-site Scripting (XSS)	<2.6.4
H Authentication Bypass	>=2.0.0, <4.4.50 >=5.0.0, <5.4.20 >=6.0.0, <6.0.20 >=6.1.0, <6.1.12 >=6.2.0, <6.2.6
M HTTP Request Smuggling	>=5.2.0, <5.3.12
M Improper Authentication	>=5.3.0, <5.3.12
M CSV Injection	>=5.0.0, <5.3.12 >=4.1.0, <4.4.35
M Information Exposure	>=2.8.0, <3.4.48 >=4.0.0, <4.4.23 >=5.0.0, <5.2.8
L Denial of Service	>=4.4.0, <4.4.7 >=5.0.0, <5.0.7
M Information Exposure	>=4.4.0, <4.4.4 >=5.0.0, <5.0.4
H Improper Authorization	>=4.4.0, <4.4.7
M Timing Attack	>=2.8.0, <2.8.52 >=3.4.0, <3.4.35 >=4.2.0, <4.2.12 >=4.3.0, <4.3.8
H Arbitrary Code Execution	>=3.4.0, <3.4.35 >=4.2.0, <4.2.12 >=4.3.0, <4.3.8
H Arbitrary Code Execution	>=2.8.0, <2.8.52 >=3.4.0, <3.4.35 >=4.2.0, <4.2.11 >=4.3.0, <4.3.8
H Arbitrary Code Execution	>=4.2.0, <4.2.12 >=4.3.0, <4.3.8
M User Enumeration	>=4.2.0, <4.2.12 >=4.3.0, <4.3.8
M Arbitrary Code Execution	>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
M Improper Input Validation	>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
M Access Control Bypass	>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
M Cross-site Scripting (XSS)	>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
M Deserialization of Untrusted Data	>=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
M Information Exposure	>=2.7.38, <2.7.50 >=2.8.0, <2.8.49 >=3.0.0, <3.4.20 >=4.0.0, <4.0.15 >=4.1.0, <4.1.9 >=4.2.0, <4.2.1
M Open Redirect	>=2.7.0, <2.7.50 >=2.8.0, <2.8.49 >=3.0.0, <3.4.20 >=4.0.0, <4.0.15 >=4.1.0, <4.1.9
H Host Header Injection	<2.7.49 >=2.8.0, <2.8.44 >=3.3.0, <3.3.18 >=3.4.0, <3.4.14 >=4.0.0, <4.0.14 >=4.1.0, <4.1.2
M Access Restriction Bypass	>=2.7, <2.7.49 >=2.8, <2.8.44 >=3, <3.3.18 >=3.4, <3.4.14 >=4, <4.0.14 >=4.1, <4.1.3
M Cross-site Scripting (XSS)	<2.7.33 >=2.8.0, <2.8.26 >=3.0.0, <3.2.13 >=3.3.0, <3.3.6
M Cross-site Scripting (XSS)	<4.1
M Cross-site Scripting (XSS)	<2.7.7
H Session Fixation	<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
M Open Redirect	<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
H CSRF Token Fixation	<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
C Access Restriction Bypass	<2.8.37 >=3.0.0, <3.3.17 >=3.4.0, <3.4.7 >=4.0.0, <4.0.7
M Denial of Service (DoS)	<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
M Open Redirect	>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
H Directory Traversal	>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
M Information Exposure	>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
M Cross-site Request Forgery (CSRF)	>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3.0.0, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
C Access Restriction Bypass	>=2.7.30, <2.7.32 >=2.8.23, <2.8.25 >=3.2.10, <3.2.12 >=3.3.3, <3.3.5
C Access Restriction Bypass	>=3.0.0, <3.0.6 >=2.8.0, <2.8.6
H Denial of Service (DoS)	>=2.3.0, <2.3.41 >=2.6.0, <2.7.0 >=2.4.0, <2.5.0 >=2.7.0, <2.7.13 >=2.5.0, <2.6.0 >=2.8.0, <2.8.6 >=3.0.0, <3.0.6
H Insecure Randomness	>=2.3.0, <2.3.37 >=2.6.0, <2.6.13 >=2.4.0, <2.5.0 >=2.7.0, <2.7.9 >=2.5.0, <2.6.0
H Timing Attack	>=2.3.0, <2.3.35 >=2.6.0, <2.6.12 >=2.4.0, <2.5.0 >=2.7.0, <2.7.7 >=2.5.0, <2.6.0
M Session Fixation	>=2.3.0, <2.3.35 >=2.6.0, <2.6.12 >=2.4.0, <2.5.0 >=2.7.0, <2.7.7 >=2.5.0, <2.6.0
M Access Restriction Bypass	>=2.3.19, <2.3.29 >=2.6.0, <2.6.8 >=2.4.9, <2.5.0 >=2.5.4, <2.5.12
M Arbitrary Code Injection	>=2.3.0, <2.3.27 >=2.6.0, <2.6.6 >=2.1.0, <2.2.0 >=2.4.0, <2.5.0 >=2.5.0, <2.5.11 >=2.2.0, <2.3.0 >=2, <2.1.0
M Man-in-the-Middle (MitM)	>=2, <2.3.27 >=2.4.0, <2.5.11 >=2.6.0, <2.6.6
M Cross-site Request Forgery (CSRF)	>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 >=2, <2.1.0
L Information Exposure	>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 <2.1.0
L Authentication Bypass	>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 >=2, <2.1.0
M Denial of Service (DoS)	>=2.0.4, <2.3.19 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4
M Arbitrary Code Injection	>=2.3.0, <2.3.18 >=2.1.0, <2.2.0 >=2.4.0, <2.4.8 >=2.5.0, <2.5.2 >=2.2.0, <2.3.0 <2.1.0
M Denial of Service (DoS)	>=2, <2.0.25 >=2.1.0, <2.1.13 >=2.2.0, <2.2.9 >=2.3.0, <2.3.6
H HTTP Host Header Poisoning	>=2.3.0, <2.3.3 >=2.1.0, <2.1.12 >=2.2.0, <2.2.5 >=2, <2.0.24
L Loss of Information	>=2.3.0, <2.3.3 >=2.1.0, <2.1.12 >=2.2.0, <2.2.5 >=2, <2.0.24
H Arbitrary Code Execution	>=2.1.0, <2.1.7 >=2, <2.0.22
H Arbitrary Code Execution	>=2, <2.0.22
M Arbitrary Code Execution	>=2.1.0, <2.1.5 <2.0.20
M Access Restriction Bypass	>=2.1.0, <2.1.4 >=2.0.0, <2.0.19
M Access Restriction Bypass	<2.0.6
H XML External Entity (XXE) Injection	<2.0.17
M Path Disclosure	<2.1.0
H XML External Entity (XXE) Injection	<2.0.11

symfony/symfony vulnerabilities

licenses detected

Direct Vulnerabilities