friendsofsymfony1/symfony1

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting friendsofsymfony1/symfony1page 1 of 1

CVE-2024-28859MEDIUMCVSS 5.0EG 5.0✓ Fixed in 1.5.18
2024-03-15
vulnerable: v1.5.0 ... v1.5.9 (18 versions)
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enabl…
CVE-2024-28861CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.5.19
2024-03-22
vulnerable: v1.5.0 ... v1.5.9 (19 versions)
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParam…

Check whether friendsofsymfony1/symfony1 is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for friendsofsymfony1/symfony1 CVEs against the assets you own.

Start Free Scan →