Software Detail
Symfony: Number Of NVD 57 (CRITICAL 7, HIGH 21, MEDIUM 29, LOW 0)
URL: https://symfony.com/
Explanation: Symfony is a framework that provides the necessary components to develop web applications quickly and easily in PHP.
It is based on Model View Controller (MVC).
It has been in development since December 2004 and has a large user base.
It is a framework suitable for large scale development with PHP.

Normal releases receive bug fixes for 8 months and security fixes for 14 months.
Long-term support releases receive bug fixes for 3 years and security fixes for 4 years.
Tag
  • MIT License
  • PHP

Add Information URL
No Type Name URL
1 https://symfony.com/download
2 https://symfony.com/releases

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
51 Symfony 7.1 7.1.11 Jan. 29, 2025 May 31, 2024 Jan. 31, 2025 0 0 0 0
52 Symfony 7.0 7.0.10 July 26, 2024 Nov. 29, 2023 July 31, 2024 0 0 0 0
53 Symfony 6.4(LTS) 6.4.29 Nov. 12, 2025 Nov. 29, 2023 June 28, 2027 0 0 0 0
54 Symfony 6.3 6.3.12 Jan. 30, 2024 May 30, 2023 Jan. 31, 2024 0 0 3 0
55 Symfony 6.2 6.2.14 July 31, 2023 Nov. 30, 2022 July 30, 2023 0 2 3 0
56 Symfony 6.1 6.1.12 Feb. 1, 2023 May 27, 2022 Jan. 31, 2023 0 2 2 0
57 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 July 31, 2022 0 3 2 0
58 Symfony 6.0 6.0.20 Feb. 1, 2023 Nov. 29, 2021 Jan. 31, 2023 0 3 2 0
59 Symfony 5.4(LTS) 5.4.50 Nov. 12, 2025 Nov. 29, 2021 Nov. 30, 2024 0 3 1 0
60 Symfony 5.3 5.3.16 March 1, 2022 May 31, 2021 Jan. 31, 2022 0 5 3 0
61 Symfony 5.2 5.2.14 July 29, 2021 Nov. 30, 2020 July 31, 2021 0 3 4 0
62 Symfony 5.1 5.1.11 Jan. 27, 2021 May 31, 2020 Jan. 31, 2021 0 4 3 0
63 Symfony 5.0 5.0.11 July 24, 2020 Nov. 21, 2019 Nov. 30, 2019 July 31, 2020 0 4 5 0
64 Symfony 4.4(LTS) 4.4.51 Nov. 10, 2023 Nov. 21, 2019 Nov. 30, 2022 Nov. 30, 2023 0 5 5 0
65 Symfony 4.3 4.3.11 Jan. 31, 2020 May 30, 2019 Jan. 31, 2020 July 31, 2020 2 5 4 0
66 Symfony 4.2 4.2.12 Nov. 13, 2019 Nov. 30, 2018 July 31, 2019 Jan. 31, 2020 4 7 7 0
67 Symfony 4.1 4.1.12 April 17, 2019 May 30, 2018 Jan. 31, 2019 July 31, 2019 2 6 7 0
68 Symfony 4.0 4.0.15 Dec. 6, 2018 Nov. 30, 2017 July 31, 2018 Jan. 31, 2019 1 6 7 0
69 Symfony 3.4 3.4.49 May 19, 2021 Nov. 30, 2017 Nov. 30, 2020 Nov. 30, 2020 4 11 9 0
70 Symfony 3.3 3.3.9 2 7 12 0
71 Symfony 3.2 3.2.9 1 4 7 0
72 Symfony 3.1 3.1.9 0 3 5 0
73 Symfony 3.0 3.0.9 1 4 5 0
74 Symfony 2.8 2.8.9 5 11 10 0
75 Symfony 2.7 2.7.9 3 11 10 0
76 Symfony 2.6 2.6.9 0 5 5 0
77 Symfony 2.5 2.5.9 0 3 4 0
78 Symfony 2.4 2.4.9 0 3 4 0
79 Symfony 2.3 2.3.9 0 7 7 0
80 Symfony 2.2 2.2.9 0 7 6 0
81 Symfony 2.1 2.1.9 0 7 6 0
82 Symfony 2.0 2.0.9 0 8 7 0
83 Symfony 1.4 1.4.9 0 3 3 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
51 -
5.0
MEDIUM The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a lon… CWE-399
 Resource Management Errors
CVE-2013-5958 cpe:2.3:a:sensiolabs:symfony:2.3.5:*
cpe:2.3:a:sensiolabs:symfony:2.3.4:*
cpe:2.3:a:sensiolabs:symfony:2.3.3:*
2024-11-21 10:58
2014-12-28
52 -
7.5
HIGH Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x allow remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a diff… CWE-94
Code Injection
CVE-2013-1397 cpe:2.3:a:sensiolabs:symfony:2.2.9:*
cpe:2.3:a:sensiolabs:symfony:2.2.8:*
cpe:2.3:a:sensiolabs:symfony:2.2.6:*
2024-11-21 10:49
2014-06-3
53 -
7.5
HIGH The Yaml::parse function in Symfony 2.0.x before 2.0.22 allows remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. CWE-94
Code Injection
CVE-2013-1348 cpe:2.3:a:sensiolabs:symfony:2.0.9:*
cpe:2.3:a:sensiolabs:symfony:2.0.8:*
cpe:2.3:a:sensiolabs:symfony:2.0.7:*
2024-11-21 10:49
2014-06-3
54 -
6.8
MEDIUM Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI begin… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6432 cpe:2.3:a:sensiolabs:symfony:2.2:dev
cpe:2.3:a:sensiolabs:symfony:2.1.3:*
cpe:2.3:a:sensiolabs:symfony:2.1.2:*
2024-11-21 10:46
2012-12-27
55 -
6.4
MEDIUM Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly e… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-6431 cpe:2.3:a:sensiolabs:symfony:2.0.9:*
cpe:2.3:a:sensiolabs:symfony:2.0.8:*
cpe:2.3:a:sensiolabs:symfony:2.0.7:*
2024-11-21 10:46
2012-12-27
56 -
5.0
MEDIUM lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-5574 cpe:2.3:a:sensiolabs:symfony:1.4.9:*
cpe:2.3:a:sensiolabs:symfony:1.4.8:*
cpe:2.3:a:sensiolabs:symfony:1.4.7:*
1.4.19 2024-11-21 10:44
2012-12-18
57 -
4.3
MEDIUM Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate metho… NVD-CWE-Other
CVE-2012-2667 cpe:2.3:a:sensiolabs:symfony:1.4.9:*
cpe:2.3:a:sensiolabs:symfony:1.4.8:*
cpe:2.3:a:sensiolabs:symfony:1.4.7:*
1.4.17 2024-11-21 10:39
2012-06-8