symfony/symfony vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the symfony/symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

>=6.3.0, <6.3.8
  • M
Session Fixation

>=5.4.21, <5.4.31 >=6.2.7, <6.3.8
  • M
Cross-site Scripting (XSS)

>=2.0.0, <4.4.51 >=5.0.0, <5.4.31 >=6.0.0, <6.3.8
  • M
Cross-site Scripting (XSS)

<2.6.4
  • H
Authentication Bypass

>=2.0.0, <4.4.50 >=5.0.0, <5.4.20 >=6.0.0, <6.0.20 >=6.1.0, <6.1.12 >=6.2.0, <6.2.6
  • M
HTTP Request Smuggling

>=5.2.0, <5.3.12
  • M
Improper Authentication

>=5.3.0, <5.3.12
  • M
CSV Injection

>=5.0.0, <5.3.12 >=4.1.0, <4.4.35
  • M
Information Exposure

>=2.8.0, <3.4.48 >=4.0.0, <4.4.23 >=5.0.0, <5.2.8
  • L
Denial of Service

>=4.4.0, <4.4.7 >=5.0.0, <5.0.7
  • M
Information Exposure

>=4.4.0, <4.4.4 >=5.0.0, <5.0.4
  • H
Improper Authorization

>=4.4.0, <4.4.7
  • M
Timing Attack

>=2.8.0, <2.8.52 >=3.4.0, <3.4.35 >=4.2.0, <4.2.12 >=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=3.4.0, <3.4.35 >=4.2.0, <4.2.12 >=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=2.8.0, <2.8.52 >=3.4.0, <3.4.35 >=4.2.0, <4.2.11 >=4.3.0, <4.3.8
  • H
Arbitrary Code Execution

>=4.2.0, <4.2.12 >=4.3.0, <4.3.8
  • M
User Enumeration

>=4.2.0, <4.2.12 >=4.3.0, <4.3.8
  • M
Access Control Bypass

>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
  • M
Cross-site Scripting (XSS)

>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
  • M
Improper Input Validation

>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
  • M
Arbitrary Code Execution

>=2.7.0, <2.7.51 >=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
  • M
Deserialization of Untrusted Data

>=2.8.0, <2.8.50 >=4.0.0, <4.1.0 >=3.4.0, <3.4.26 >=3.1.0, <3.2.0 >=4.1.0, <4.1.12 >=3.0.0, <3.1.0 >=3.3.0, <3.4.0 >=3.2.0, <3.3.0
  • M
Information Exposure

>=2.7.38, <2.7.50 >=2.8.0, <2.8.49 >=3.0.0, <3.4.20 >=4.0.0, <4.0.15 >=4.1.0, <4.1.9 >=4.2.0, <4.2.1
  • M
Open Redirect

>=2.7.0, <2.7.50 >=2.8.0, <2.8.49 >=3.0.0, <3.4.20 >=4.0.0, <4.0.15 >=4.1.0, <4.1.9
  • H
Host Header Injection

<2.7.49 >=2.8.0, <2.8.44 >=3.3.0, <3.3.18 >=3.4.0, <3.4.14 >=4.0.0, <4.0.14 >=4.1.0, <4.1.2
  • M
Access Restriction Bypass

>=2.7, <2.7.49 >=2.8, <2.8.44 >=3, <3.3.18 >=3.4, <3.4.14 >=4, <4.0.14 >=4.1, <4.1.3
  • M
Cross-site Scripting (XSS)

<2.7.33 >=2.8.0, <2.8.26 >=3.0.0, <3.2.13 >=3.3.0, <3.3.6
  • M
Cross-site Scripting (XSS)

<4.1
  • M
Cross-site Scripting (XSS)

<2.7.7
  • H
Session Fixation

<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
  • M
Open Redirect

<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
  • H
CSRF Token Fixation

<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
  • C
Access Restriction Bypass

<2.8.37 >=3.0.0, <3.3.17 >=3.4.0, <3.4.7 >=4.0.0, <4.0.7
  • M
Denial of Service (DoS)

<2.7.48 >=2.8.0, <2.8.41 >=3.0.0, <3.3.17 >=3.4.0, <3.4.11 >=4.0.0, <4.0.11
  • M
Open Redirect

>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
  • H
Directory Traversal

>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
  • M
Information Exposure

>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
  • M
Cross-site Request Forgery (CSRF)

>=2.7.0, <2.7.38 >=2.8.0, <2.8.31 >=3.0.0, <3.1.0 >=3.1.0, <3.2.0 >=3.2.0, <3.2.14 >=3.3.0, <3.3.13 >=3.4-BETA0, <3.4-BETA5 >=4.0-BETA0, <4.0-BETA5
  • C
Access Restriction Bypass

>=2.7.30, <2.7.32 >=2.8.23, <2.8.25 >=3.2.10, <3.2.12 >=3.3.3, <3.3.5
  • C
Access Restriction Bypass

>=3.0.0, <3.0.6 >=2.8.0, <2.8.6
  • H
Denial of Service (DoS)

>=2.3.0, <2.3.41 >=2.6.0, <2.7.0 >=2.4.0, <2.5.0 >=2.7.0, <2.7.13 >=2.5.0, <2.6.0 >=2.8.0, <2.8.6 >=3.0.0, <3.0.6
  • H
Insecure Randomness

>=2.3.0, <2.3.37 >=2.6.0, <2.6.13 >=2.4.0, <2.5.0 >=2.7.0, <2.7.9 >=2.5.0, <2.6.0
  • M
Session Fixation

>=2.3.0, <2.3.35 >=2.6.0, <2.6.12 >=2.4.0, <2.5.0 >=2.7.0, <2.7.7 >=2.5.0, <2.6.0
  • H
Timing Attack

>=2.3.0, <2.3.35 >=2.6.0, <2.6.12 >=2.4.0, <2.5.0 >=2.7.0, <2.7.7 >=2.5.0, <2.6.0
  • M
Access Restriction Bypass

>=2.3.19, <2.3.29 >=2.6.0, <2.6.8 >=2.4.9, <2.5.0 >=2.5.4, <2.5.12
  • M
Arbitrary Code Injection

>=2.3.0, <2.3.27 >=2.6.0, <2.6.6 >=2.1.0, <2.2.0 >=2.4.0, <2.5.0 >=2.5.0, <2.5.11 >=2.2.0, <2.3.0 >=2, <2.1.0
  • M
Man-in-the-Middle (MitM)

>=2, <2.3.27 >=2.4.0, <2.5.11 >=2.6.0, <2.6.6
  • M
Cross-site Request Forgery (CSRF)

>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 >=2, <2.1.0
  • L
Information Exposure

>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 <2.1.0
  • L
Authentication Bypass

>=2.3.0, <2.3.19 >=2.1.0, <2.2.0 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4 >=2.2.0, <2.3.0 >=2, <2.1.0
  • M
Denial of Service (DoS)

>=2.0.4, <2.3.19 >=2.4.0, <2.4.9 >=2.5.0, <2.5.4
  • M
Arbitrary Code Injection

>=2.3.0, <2.3.18 >=2.1.0, <2.2.0 >=2.4.0, <2.4.8 >=2.5.0, <2.5.2 >=2.2.0, <2.3.0 <2.1.0
  • M
Denial of Service (DoS)

>=2, <2.0.25 >=2.1.0, <2.1.13 >=2.2.0, <2.2.9 >=2.3.0, <2.3.6
  • H
HTTP Host Header Poisoning

>=2.3.0, <2.3.3 >=2.1.0, <2.1.12 >=2.2.0, <2.2.5 >=2, <2.0.24
  • L
Loss of Information

>=2.3.0, <2.3.3 >=2.1.0, <2.1.12 >=2.2.0, <2.2.5 >=2, <2.0.24
  • H
Arbitrary Code Execution

>=2.1.0, <2.1.7 >=2, <2.0.22
  • H
Arbitrary Code Execution

>=2, <2.0.22
  • M
Arbitrary Code Execution

>=2.1.0, <2.1.5 <2.0.20
  • M
Access Restriction Bypass

>=2.1.0, <2.1.4 >=2.0.0, <2.0.19
  • M
Access Restriction Bypass

<2.0.6
  • H
XML External Entity (XXE) Injection

<2.0.17
  • M
Path Disclosure

<2.1.0
  • H
XML External Entity (XXE) Injection

<2.0.11