symfony/http-foundation
Ecosystem:
packagist
packagist
Package URL:
pkg:composer/symfony/http-foundation
Total PRs:
402 Dependabot PRs
402 Dependabot PRs
Latest PR:
about 19 hours ago
about 19 hours ago
Unique Repositories:
286 repositories
286 repositories
Unique Repos (30 days):
86 repositories
86 repositories
Security Advisories
Symfony has a security issue when parsing the Authorization header
GHSA-h7v2-2qwg-h829
CVE-2014-6061
MODERATE
published over 1 year ago
• updated 11 days ago
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue.
This issue ...
Prevent cache poisoning via a Response Content-Type header in Symfony
GHSA-mcx4-f5f5-4859
CVE-2020-5255
LOW
published over 5 years ago
• updated 1 day ago
Description
-----------
When a `Response` does not contain a `Content-Type` header, Symfony falls back to the format defined in the `Accept` heade...
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
GHSA-x92h-wmg2-6hp7
CVE-2019-10913
CRITICAL
published almost 6 years ago
• updated about 8 hours ago
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or usin...
Argument injection in a MimeTypeGuesser in Symfony
GHSA-xhh6-956q-4q69
CVE-2019-18888
HIGH
published almost 6 years ago
• updated 4 days ago
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application pas...
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
GHSA-3rg7-wf37-54rm
CVE-2025-64500
HIGH
published 13 days ago
• updated 4 days ago
### Description
The `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't ...
Recent PRs (filtered by: Major PRs )
Bump symfony/http-foundation from 2.7.0 to 5.4.50
2.7.0 → 5.4.50
Major PR
Open
12 days ago
1 comment
Bump symfony/http-foundation from 4.4.49 to 5.4.50
4.4.49 → 5.4.50
Major PR
Open
13 days ago
1 comment
Bump symfony/http-foundation from 4.4.49 to 5.4.46
jtl-software/connector-prestashop #15
4.4.49 → 5.4.46
Major PR
Closed
16 days ago
1 comment
build(deps): Bump the symfony group across 1 directory with 10 updates
nextcloud/3rdparty #2162
6.4.14 → 7.3.4
Major PR
Open
about 2 months ago
1 comment
build(deps): update symfony/http-foundation requirement from 6.4.* to 7.3.*
6.4.* → 7.3.*
Major PR
Open
5 months ago
3 comments
Bump symfony/http-foundation from 4.4.49 to 5.4.48
sfu-dhil/pi #90
4.4.49 → 5.4.48
Major PR
Closed
6 months ago
1 comment
chore(deps): bump symfony/http-foundation from 6.4.4 to 7.1.7
adrien-force/OC-P14-EX1-Adrien-Force #1
6.4.4 → 7.1.7
Major PR
Closed
7 months ago
Bump symfony/http-foundation from 4.4.49 to 5.4.46
turtle0x1/LxdMosaic #586
4.4.49 → 5.4.46
Major PR
Closed
about 1 year ago
1 comment
Package Details
| Name: | symfony/http-foundation |
| Ecosystem: | packagist |
| PURL Type: | composer |
| Package URL: | pkg:composer/symfony/http-foundation |
| JSON API: | View JSON |
Security Advisories
Package Information
Description:
Defines an object-oriented layer for the HTTP specification
| Repository: | https://github.com/symfony/http-foundation |
| Homepage: | https://symfony.com |
| Latest Release: |
v7.3.0
7 months ago |
| Dependent Repos: | 533,200 |
| Dependent Packages: | 4,613 |
| Downloads: | 747,469,299 |
| Ranking: | Top 0.0056% by dependent repos Top 0.0068% by downloads Top 0.0081% by dependent pkgs |