GHSA-m7v2-7gxm-vc2v

Suggest an improvement
Source
https://github.com/advisories/GHSA-m7v2-7gxm-vc2v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m7v2-7gxm-vc2v
Aliases
  • CVE-2026-45077
Published
2026-05-27T21:13:29Z
Modified
2026-05-27T21:30:09.492578462Z
Severity
  • 8.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Details

Description

Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP object-deserialization sink:

  1. The listener binds to 0.0.0.0:9911 by default; it accepts connections on every interface, not only loopback.
  2. Each received frame is processed as unserialize(base64_decode($message)) without an allowed_classes allowlist, without authentication, and without any integrity check. The decoded value is then passed to displayLog(..., array $record) which assumes (without validating) that the result is an array.

Any host that can reach TCP port 9911 on a machine running server:log can therefore submit attacker-chosen serialized PHP payloads. The minimum impact is an unauthenticated denial of service (sending a non-array, e.g. serialize(new stdClass()), crashes the listener with a type error). Object injection with magic-method side effects (__wakeup() / __destruct() / etc.) is reachable before the array type-check fires; full remote code execution is environment-dependent and contingent on usable gadget chains in the autoload set of the target process.

Resolution

The server:log command no longer binds to all interfaces by default: the default --host is now 127.0.0.1:9911, requiring explicit opt-in to accept off-host traffic. Message decoding is gated by an unserialize() allowlist restricted to the Symfony\Component\VarDumper\Caster\* and Symfony\Component\VarDumper\Cloner\* classes that legitimately appear inside dumped log records; any other class is rejected and the record discarded.

The patch for this issue is available here for branch 5.4.

Credits

Symfony would like to thank Toàn Thắng and Sam Sanoop for reporting the issue and Nicolas Grekas for fixing it.

Database specific 
{
    "cwe_ids": [
        "CWE-502",
        "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-27T21:13:29Z",
    "nvd_published_at": null,
    "severity": "HIGH"
}
References

Affected packages

Packagist
symfony/monolog-bridge

Package

Name
symfony/monolog-bridge
Purl
pkg:composer/symfony%2Fmonolog-bridge

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.52

Affected versions

2.*
2.0.7
v2.*
v2.0.9
v2.0.10
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.19
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.4.0-BETA1
v2.4.0-BETA2
v2.4.0-RC1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.5.0-BETA1
v2.5.0-BETA2
v2.5.0-RC1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.6.0-BETA1
v2.6.0-BETA2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.7.0-BETA1
v2.7.0-BETA2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.50
v2.7.51
v2.8.0-BETA1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.50
v2.8.52
v3.*
v3.0.0-BETA1
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0-BETA1
v3.1.0-RC1
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.2.0-BETA1
v3.2.0-RC1
v3.2.0-RC2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.3.0-BETA1
v3.3.0-RC1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35
v3.4.36
v3.4.37
v3.4.38
v3.4.39
v3.4.40
v3.4.41
v3.4.42
v3.4.43
v3.4.44
v3.4.45
v3.4.46
v3.4.47
v4.*
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.2.10
v4.2.11
v4.2.12
v4.3.0-BETA1
v4.3.0-BETA2
v4.3.0-RC1
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.3.10
v4.3.11
v4.4.0-BETA1
v4.4.0-BETA2
v4.4.0-RC1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.4.10
v4.4.11
v4.4.12
v4.4.13
v4.4.14
v4.4.15
v4.4.16
v4.4.17
v4.4.18
v4.4.19
v4.4.20
v4.4.21
v4.4.22
v4.4.25
v4.4.26
v4.4.27
v4.4.37
v4.4.43
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.1.0-BETA1
v5.1.0-RC1
v5.1.0-RC2
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.1.10
v5.1.11
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.2.0-RC1
v5.2.0-RC2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.7
v5.2.10
v5.2.11
v5.2.12
v5.3.0-BETA1
v5.3.0-BETA4
v5.3.0-RC1
v5.3.0
v5.3.3
v5.3.4
v5.3.7
v5.3.14
v5.4.0-BETA1
v5.4.0-RC1
v5.4.0
v5.4.3
v5.4.10
v5.4.17
v5.4.19
v5.4.21
v5.4.22
v5.4.31
v5.4.35
v5.4.39
v5.4.40
v5.4.45

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.52

Affected versions

2.*
2.0.4
2.0.5
2.0.6
2.0.7
v2.*
v2.0.9
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24
v2.0.25
v2.1.0-BETA1
v2.1.0-BETA2
v2.1.0-BETA3
v2.1.0-BETA4
v2.1.0-RC1
v2.1.0-RC2
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.2.0-BETA1
v2.2.0-BETA2
v2.2.0-RC1
v2.2.0-RC2
v2.2.0-RC3
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.2.10
v2.2.11
v2.3.0-BETA1
v2.3.0-BETA2
v2.3.0-RC1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.3.12
v2.3.13
v2.3.14
v2.3.15
v2.3.16
v2.3.17
v2.3.18
v2.3.19
v2.3.20
v2.3.21
v2.3.22
v2.3.23
v2.3.24
v2.3.25
v2.3.26
v2.3.27
v2.3.28
v2.3.29
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.4.0-BETA1
v2.4.0-BETA2
v2.4.0-RC1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.5.0-BETA1
v2.5.0-BETA2
v2.5.0-RC1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.6.0-BETA1
v2.6.0-BETA2
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.7.0-BETA1
v2.7.0-BETA2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.50
v2.7.51
v2.7.52
v2.8.0-BETA1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.50
v2.8.51
v2.8.52
v3.*
v3.0.0-BETA1
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0-BETA1
v3.1.0-RC1
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.2.0-BETA1
v3.2.0-RC1
v3.2.0-RC2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.3.0-BETA1
v3.3.0-RC1
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.26
v3.4.27
v3.4.28
v3.4.29
v3.4.30
v3.4.31
v3.4.32
v3.4.33
v3.4.34
v3.4.35
v3.4.36
v3.4.37
v3.4.38
v3.4.39
v3.4.40
v3.4.41
v3.4.42
v3.4.43
v3.4.44
v3.4.45
v3.4.46
v3.4.47
v3.4.48
v3.4.49
v4.*
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.2.0-BETA1
v4.2.0-BETA2
v4.2.0-RC1
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.2.7
v4.2.8
v4.2.9
v4.2.10
v4.2.11
v4.2.12
v4.3.0-BETA1
v4.3.0-BETA2
v4.3.0-RC1
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.3.10
v4.3.11
v4.4.0-BETA1
v4.4.0-BETA2
v4.4.0-RC1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.4.10
v4.4.11
v4.4.12
v4.4.13
v4.4.14
v4.4.15
v4.4.16
v4.4.17
v4.4.18
v4.4.19
v4.4.20
v4.4.21
v4.4.22
v4.4.23
v4.4.24
v4.4.25
v4.4.26
v4.4.27
v4.4.28
v4.4.29
v4.4.30
v4.4.31
v4.4.32
v4.4.33
v4.4.34
v4.4.35
v4.4.36
v4.4.37
v4.4.38
v4.4.39
v4.4.40
v4.4.41
v4.4.42
v4.4.43
v4.4.44
v4.4.45
v4.4.46
v4.4.47
v4.4.48
v4.4.49
v4.4.50
v4.4.51
v5.*
v5.0.0-BETA1
v5.0.0-BETA2
v5.0.0-RC1
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.1.0-BETA1
v5.1.0-RC1
v5.1.0-RC2
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.1.9
v5.1.10
v5.1.11
v5.2.0-BETA1
v5.2.0-BETA2
v5.2.0-BETA3
v5.2.0-RC1
v5.2.0-RC2
v5.2.0
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.2.7
v5.2.8
v5.2.9
v5.2.10
v5.2.11
v5.2.12
v5.2.13
v5.2.14
v5.3.0-BETA1
v5.3.0-BETA2
v5.3.0-BETA3
v5.3.0-BETA4
v5.3.0-RC1
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.3.10
v5.3.11
v5.3.12
v5.3.13
v5.3.14
v5.3.15
v5.3.16
v5.4.0-BETA1
v5.4.0-BETA2
v5.4.0-BETA3
v5.4.0-RC1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.4.5
v5.4.6
v5.4.7
v5.4.8
v5.4.9
v5.4.10
v5.4.11
v5.4.12
v5.4.13
v5.4.14
v5.4.15
v5.4.16
v5.4.17
v5.4.18
v5.4.19
v5.4.20
v5.4.21
v5.4.22
v5.4.23
v5.4.24
v5.4.25
v5.4.26
v5.4.27
v5.4.28
v5.4.29
v5.4.30
v5.4.31
v5.4.32
v5.4.33
v5.4.34
v5.4.35
v5.4.36
v5.4.37
v5.4.38
v5.4.39
v5.4.40
v5.4.41
v5.4.42
v5.4.43
v5.4.44
v5.4.45
v5.4.46
v5.4.47
v5.4.48
v5.4.49
v5.4.50
v5.4.51

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/monolog-bridge

Package

Name
symfony/monolog-bridge
Purl
pkg:composer/symfony%2Fmonolog-bridge

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.4.40

Affected versions

v6.*
v6.0.0
v6.0.1
v6.0.3
v6.0.10
v6.0.17
v6.0.19
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.1.0
v6.1.1
v6.1.2
v6.1.9
v6.1.11
v6.2.0-BETA1
v6.2.0-RC1
v6.2.0
v6.2.2
v6.2.5
v6.2.7
v6.2.8
v6.3.0-BETA1
v6.3.0-RC1
v6.3.0
v6.3.1
v6.3.8
v6.3.12
v6.4.0-BETA1
v6.4.0-BETA3
v6.4.0-RC1
v6.4.0
v6.4.3
v6.4.4
v6.4.7
v6.4.8
v6.4.13
v6.4.24
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.32
v6.4.34
v6.4.36
v6.4.37

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/monolog-bridge

Package

Name
symfony/monolog-bridge
Purl
pkg:composer/symfony%2Fmonolog-bridge

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.4.12

Affected versions

v7.*
v7.0.0
v7.0.3
v7.0.7
v7.0.8
v7.1.0-BETA1
v7.1.0-RC1
v7.1.0
v7.1.1
v7.1.6
v7.2.0-BETA1
v7.2.0-RC1
v7.2.0
v7.3.0-BETA1
v7.3.0-RC1
v7.3.0
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.10
v7.4.0-BETA1
v7.4.0-BETA2
v7.4.0-RC1
v7.4.0
v7.4.4
v7.4.6
v7.4.8
v7.4.9

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/monolog-bridge

Package

Name
symfony/monolog-bridge
Purl
pkg:composer/symfony%2Fmonolog-bridge

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.0.12

Affected versions

v8.*
v8.0.0
v8.0.4
v8.0.6
v8.0.8
v8.0.9

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.4.40

Affected versions

v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.17
v6.0.18
v6.0.19
v6.0.20
v6.1.0-BETA1
v6.1.0-BETA2
v6.1.0-RC1
v6.1.0
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.1.10
v6.1.11
v6.1.12
v6.2.0-BETA1
v6.2.0-BETA2
v6.2.0-BETA3
v6.2.0-RC1
v6.2.0-RC2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.7
v6.2.8
v6.2.9
v6.2.10
v6.2.11
v6.2.12
v6.2.13
v6.2.14
v6.3.0-BETA1
v6.3.0-BETA2
v6.3.0-BETA3
v6.3.0-RC1
v6.3.0-RC2
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.3.9
v6.3.10
v6.3.11
v6.3.12
v6.4.0-BETA1
v6.4.0-BETA2
v6.4.0-BETA3
v6.4.0-RC1
v6.4.0-RC2
v6.4.0
v6.4.1
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.4.10
v6.4.11
v6.4.12
v6.4.13
v6.4.14
v6.4.15
v6.4.16
v6.4.17
v6.4.18
v6.4.19
v6.4.20
v6.4.21
v6.4.22
v6.4.23
v6.4.24
v6.4.25
v6.4.26
v6.4.27
v6.4.28
v6.4.29
v6.4.30
v6.4.31
v6.4.32
v6.4.33
v6.4.34
v6.4.35
v6.4.36
v6.4.37
v6.4.38
v6.4.39

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.4.12

Affected versions

v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.6
v7.0.7
v7.0.8
v7.0.9
v7.0.10
v7.1.0-BETA1
v7.1.0-RC1
v7.1.0
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.1.10
v7.1.11
v7.2.0-BETA1
v7.2.0-BETA2
v7.2.0-RC1
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v7.2.4
v7.2.5
v7.2.6
v7.2.7
v7.2.8
v7.2.9
v7.3.0-BETA1
v7.3.0-BETA2
v7.3.0-RC1
v7.3.0
v7.3.1
v7.3.2
v7.3.3
v7.3.4
v7.3.5
v7.3.6
v7.3.7
v7.3.8
v7.3.9
v7.3.10
v7.3.11
v7.4.0-BETA1
v7.4.0-BETA2
v7.4.0-RC1
v7.4.0-RC2
v7.4.0-RC3
v7.4.0
v7.4.1
v7.4.2
v7.4.3
v7.4.4
v7.4.5
v7.4.6
v7.4.7
v7.4.8
v7.4.9
v7.4.10
v7.4.11

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"
symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony%2Fsymfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.0.12

Affected versions

v8.*
v8.0.0
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8
v8.0.9
v8.0.10
v8.0.11

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m7v2-7gxm-vc2v/GHSA-m7v2-7gxm-vc2v.json"