| Severity | CVSS | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.8 | CVE-2019-10913 | Invalid HTTP method overrides allow possible XSS or other attacks in Symfony | >= 2.7.0, < 2.7.51 |
| HIGH | 7.5 | CVE-2014-5244 | Symfony vulnerable to denial of service via a malicious HTTP Host header | >= 2.0.0, < 2.3.19 |
| HIGH | 7.5 | | Argument injection in a MimeTypeGuesser in Symfony | >= 2.0.0, < 2.8.52 |
| HIGH | 7.3 | | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass | from 0, < 5.4.50 |
| MEDIUM | 6.5 | | Symfony HTTP Foundation web cache poisoning | >= 2.7.0, < 2.7.49 |
| MEDIUM | 6.1 | | Symfony Host Header Injection vulnerability in the HttpFoundation component | >= 2.0.0, < 2.0.24 |
| MEDIUM | 5.9 | | Symfony DoS | >= 2.7.0, < 2.7.48 |
| MEDIUM | 5.3 | | Symfony has unsafe methods in the Request class | >= 2.0.0, < 2.3.27 |
| MEDIUM | 5.3 | | Symfony has a security issue when parsing the Authorization header | >= 2.0.0, < 2.3.19 |
| LOW | 3.1 | | Symfony vulnerable to open redirect via browser-sanitized URLs | from 0, < 5.4.46 |
| LOW | 2.6 | | Prevent cache poisoning via a Response Content-Type header in Symfony | >= 4.4.0, < 4.4.7 |
| — | | | Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient | >= 6.4.0, < 6.4.41 |
| — | | | Symfony Allows URI Restrictions Bypass Via Double-Encoded String | >= 2.0.0, < 2.0.19 |