symfony/symfony vulnerabilities

The Symfony PHP framework

Latest version: v5.0.3

Direct Vulnerabilities

Known vulnerabilities in the symfony/symfony package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable versions | Snyk patch | Published
M | Timing Attack | >=2.8.0, <2.8.52,>=3.4.0, <3.4.35,>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019
H | Arbitrary Code Execution | >=3.4.0, <3.4.35,>=4.2.0, <4.2.12,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019
H | Arbitrary Code Execution | >=2.8.0, <2.8.52,>=3.4.0, <3.4.35,>=4.2.0, <4.2.11,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019
H | Arbitrary Code Execution | >=4.2.0, <4.2.12,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019
M | User Enumeration | >=4.2.0, <4.2.12,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019
M | Deserialization of Untrusted Data | >=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 | Not available | 24 Apr, 2019
M | Arbitrary Code Execution | >=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 | Not available | 24 Apr, 2019
M | Access Control Bypass | >=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 | Not available | 24 Apr, 2019
M | Cross-site Scripting (XSS) | >=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 | Not available | 24 Apr, 2019
M | Improper Input Validation | >=2.7.0, <2.7.51,>=2.8.0, <2.8.50,>=4.0.0, <4.1.0,>=3.4.0, <3.4.26,>=3.1.0, <3.2.0,>=4.1.0, <4.1.12,>=3.0.0, <3.1.0,>=3.3.0, <3.4.0,>=3.2.0, <3.3.0 | Not available | 24 Apr, 2019
M | Open Redirect | >=2.7.0, <2.7.50,>=2.8.0, <2.8.49,>=3.0.0, <3.4.20,>=4.0.0, <4.0.15,>=4.1.0, <4.1.9 | Not available | 10 Dec, 2018
M | Information Exposure | >=2.7.38, <2.7.50,>=2.8.0, <2.8.49,>=3.0.0, <3.4.20,>=4.0.0, <4.0.15,>=4.1.0, <4.1.9,>=4.2.0, <4.2.1 | Not available | 10 Dec, 2018
H | Host Header Injection | <2.7.49,>=2.8.0, <2.8.44,>=3.3.0, <3.3.18,>=3.4.0, <3.4.14,>=4.0.0, <4.0.14,>=4.1.0, <4.1.2 | Not available | 05 Aug, 2018
M | Access Restriction Bypass | >=2.7, <2.7.49,>=2.8, <2.8.44,>=3, <3.3.18,>=3.4, <3.4.14,>=4, <4.0.14,>=4.1, <4.1.3 | Not available | 02 Aug, 2018
M | Cross-site Scripting (XSS) | <2.7.33,>=2.8.0, <2.8.26,>=3.0.0, <3.2.13,>=3.3.0, <3.3.6 | Not available | 30 Jul, 2018
M | Cross-site Scripting (XSS) | <4.1 | Not available | 14 Jun, 2018
M | Cross-site Scripting (XSS) | <2.7.7 | Not available | 13 Jun, 2018
H | Session Fixation | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018
M | Open Redirect | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018
H | CSRF Token Fixation | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018
H | Access Restriction Bypass | <2.8.37,>=3.0.0, <3.3.17,>=3.4.0, <3.4.7,>=4.0.0, <4.0.7 | Not available | 30 May, 2018
M | Denial of Service (DoS) | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018
M | Open Redirect | >=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 | Not available | 04 Dec, 2017
M | Cross-site Request Forgery (CSRF) | >=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 | Not available | 04 Dec, 2017
H | Directory Traversal | >=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 | Not available | 04 Dec, 2017
M | Information Exposure | >=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 | Not available | 04 Dec, 2017
H | Access Restriction Bypass | >=2.7.30, <2.7.32,>=2.8.23, <2.8.25,>=3.2.10, <3.2.12,>=3.3.3, <3.3.5 | Not available | 17 Jul, 2017
H | Access Restriction Bypass | >=3.0.0, <3.0.6,>=2.8.0, <2.8.6 | Not available | 09 May, 2016
H | Denial of Service (DoS) | >=2.3.0, <2.3.41,>=2.6.0, <2.7.0,>=2.4.0, <2.5.0,>=2.7.0, <2.7.13,>=2.5.0, <2.6.0,>=2.8.0, <2.8.6,>=3, <3.0.6 | Not available | 09 May, 2016
H | Insecure Randomness | >=2.3.0, <2.3.37,>=2.6.0, <2.6.13,>=2.4.0, <2.5.0,>=2.7.0, <2.7.9,>=2.5.0, <2.6.0 | Not available | 14 Jan, 2016