symfony/framework-bundle

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting symfony/framework-bundlepage 1 of 1

CVE-2019-10909MEDIUMCVSS 5.4EG 5.4✓ Fixed in 4.2.7
2019-05-16
vulnerable: v4.2.0 ... v4.2.6 (7 versions)
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundl…
CVE-2022-23601HIGHCVSS 8.1EG 8.1✓ Fixed in 6.0.4
2022-02-01
vulnerable: 6.0.3, v6.0.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store a…

Check whether symfony/framework-bundle is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/framework-bundle CVEs against the assets you own.

Start Free Scan →