symfony vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L Use of Non-Canonical URL Paths for Authorization Decisions	*
L CVE-2024-36611	*
L Improper Authentication	<6.4.15+dfsg-1
L CVE-2024-50341	<6.4.10+dfsg-1
L Improper Input Validation	<6.4.11+dfsg-1
M Open Redirect	<6.4.14+dfsg-1
L Arbitrary Code Injection	<6.4.14+dfsg-1
L Information Exposure	<6.4.15+dfsg-1
M CVE-2023-46733	<5.4.31+dfsg-1
M Cross-site Scripting (XSS)	<5.4.31+dfsg-1
H CVE-2022-24894	<5.4.20+dfsg-1
H Insufficient Session Expiration	<5.4.20+dfsg-1
M Improper Neutralization of Formula Elements in a CSV File	<4.4.19+dfsg-3
M Information Exposure	<4.4.19+dfsg-2
H Improper Cross-boundary Removal of Sensitive Data	<4.4.13+dfsg-1
M Information Exposure	<4.4.8-1
H Incorrect Authorization	<4.4.8-1
M Improper Input Validation	<4.4.8-1
H Information Exposure	<4.3.8+dfsg-1
C Improper Encoding or Escaping of Output	<4.3.8+dfsg-1
C Arbitrary Code Injection	<4.3.8+dfsg-1
H Improper Input Validation	<4.3.8+dfsg-1
M Information Exposure	<4.3.8+dfsg-1
H Improper Authentication	<3.4.22+dfsg-2
C Cross-site Scripting (XSS)	<3.4.22+dfsg-2
H Deserialization of Untrusted Data	<3.4.22+dfsg-2
C SQL Injection	<3.4.22+dfsg-2
M Cross-site Scripting (XSS)	<3.4.22+dfsg-2
M Open Redirect	<3.4.20+dfsg-1
M Unrestricted Upload of File with Dangerous Type	<3.4.20+dfsg-1
H Improper Input Validation	<3.4.14+dfsg-1
M CVE-2018-14773	<3.4.14+dfsg-1
H Directory Traversal	<3.4.0+dfsg-1
M CVE-2017-16653	<3.4.0+dfsg-1
M Improper Input Validation	<3.4.0+dfsg-1
L Cross-site Scripting (XSS)	<3.4.0+dfsg-1
L CVE-2015-2309	<2.3.21+dfsg-4
L Cross-site Scripting (XSS)	<3.4.12+dfsg-1
C Improper Authentication	<3.4.12+dfsg-1
M Open Redirect	<3.4.12+dfsg-1
H Session Fixation	<3.4.12+dfsg-1
M Open Redirect	<3.4.0+dfsg-1
H Cross-site Request Forgery (CSRF)	<3.4.12+dfsg-1
M Insufficient Session Expiration	<3.4.12+dfsg-1
C Improper Authentication	<2.8.6+dfsg-1
H Resource Management Errors	<2.8.6+dfsg-1
H Cryptographic Issues	<2.7.9+dfsg-1
H CVE-2015-8125	<2.7.7+dfsg-1
M CVE-2015-8124	<2.7.7+dfsg-1
M Arbitrary Code Injection	<2.3.21+dfsg-4
M Improper Access Control	<2.7.0~beta2+dfsg-2
L CVE-2008-7220	<1.0.21-1.1
L CVE-2007-2383	<1.0.21-1.1

Vulnerability

Vulnerable Version

Use of Non-Canonical URL Paths for Authorization Decisions