Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3664.NASL
HistoryNov 24, 2023 - 12:00 a.m.

Debian DLA-3664-1 : symfony - LTS security update

2023-11-2400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
debian 10
symfony php framework
security update
vulnerability
twig filters
unescaped output
nessus.

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.5%

JSON

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3664 advisory.

  • Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don’t actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. (CVE-2023-46734)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3664. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(186245);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/24");

  script_cve_id("CVE-2023-46734");

  script_name(english:"Debian DLA-3664-1 : symfony - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3664
advisory.

  - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting
    in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in
    CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51,
    5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. (CVE-2023-46734)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/symfony");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3664");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-46734");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/symfony");
  script_set_attribute(attribute:"solution", value:
"Upgrade the symfony packages.

For Debian 10 buster, this problem has been fixed in version 3.4.22+dfsg-2+deb10u3.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-46734");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-asset");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-browser-kit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-cache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-class-loader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-css-selector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-debug-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-dependency-injection");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-doctrine-bridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-dom-crawler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-dotenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-event-dispatcher");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-expression-language");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-finder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-form");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-framework-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-http-foundation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-http-kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-inflector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-lock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-monolog-bridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-options-resolver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-phpunit-bridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-property-access");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-property-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-proxy-manager-bridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-routing");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-csrf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-guard");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-security-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-serializer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-stopwatch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-templating");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-translation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-twig-bridge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-twig-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-validator");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-var-dumper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-web-link");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-web-profiler-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-web-server-bundle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-workflow");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:php-symfony-yaml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'php-symfony', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-asset', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-browser-kit', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-cache', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-class-loader', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-config', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-console', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-css-selector', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-debug', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-debug-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-dependency-injection', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-doctrine-bridge', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-dom-crawler', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-dotenv', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-event-dispatcher', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-expression-language', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-filesystem', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-finder', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-form', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-framework-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-http-foundation', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-http-kernel', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-inflector', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-intl', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-ldap', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-lock', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-monolog-bridge', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-options-resolver', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-phpunit-bridge', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-process', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-property-access', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-property-info', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-proxy-manager-bridge', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-routing', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security-core', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security-csrf', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security-guard', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-security-http', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-serializer', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-stopwatch', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-templating', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-translation', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-twig-bridge', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-twig-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-validator', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-var-dumper', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-web-link', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-web-profiler-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-web-server-bundle', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-workflow', 'reference': '3.4.22+dfsg-2+deb10u3'},
    {'release': '10.0', 'prefix': 'php-symfony-yaml', 'reference': '3.4.22+dfsg-2+deb10u3'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php-symfony / php-symfony-asset / php-symfony-browser-kit / etc');
}
VendorProductVersionCPE
debiandebian_linuxphp-symfonyp-cpe:/a:debian:debian_linux:php-symfony
debiandebian_linuxphp-symfony-assetp-cpe:/a:debian:debian_linux:php-symfony-asset
debiandebian_linuxphp-symfony-browser-kitp-cpe:/a:debian:debian_linux:php-symfony-browser-kit
debiandebian_linuxphp-symfony-cachep-cpe:/a:debian:debian_linux:php-symfony-cache
debiandebian_linuxphp-symfony-class-loaderp-cpe:/a:debian:debian_linux:php-symfony-class-loader
debiandebian_linuxphp-symfony-configp-cpe:/a:debian:debian_linux:php-symfony-config
debiandebian_linuxphp-symfony-consolep-cpe:/a:debian:debian_linux:php-symfony-console
debiandebian_linuxphp-symfony-css-selectorp-cpe:/a:debian:debian_linux:php-symfony-css-selector
debiandebian_linuxphp-symfony-debugp-cpe:/a:debian:debian_linux:php-symfony-debug
debiandebian_linuxphp-symfony-debug-bundlep-cpe:/a:debian:debian_linux:php-symfony-debug-bundle
Rows per page:
1-10 of 541

Related

osv 4
debian 1
cvelist 1
cve 1
ubuntucve 1
prion 1
nvd 1
symfony 1
friendsofphp 2
debiancve 1
openvas 1
veracode 1
github 1
osv
osv
symfony - security update
2023-11-24 00:00:00
BIT-symfony-2023-46734
2024-03-06 11:06:44
CVE-2023-46734
2023-11-10 18:15:09
debian
debian
[SECURITY] [DLA 3664-1] symfony security update
2023-11-24 18:22:20
cvelist
cvelist
CVE-2023-46734 Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
2023-11-10 17:49:55
cve
cve
CVE-2023-46734
2023-11-10 18:15:09
ubuntucve
ubuntucve
CVE-2023-46734
2023-11-10 00:00:00
prion
prion
Design/Logic Flaw
2023-11-10 18:15:00
nvd
nvd
CVE-2023-46734
2023-11-10 18:15:09
symfony
symfony
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
2023-11-10 00:00:00
friendsofphp
friendsofphp
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
1970-01-01 00:00:00
CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters
1970-01-01 00:00:00
debiancve
debiancve
CVE-2023-46734
2023-11-10 18:15:09
openvas
openvas
Debian: Security Advisory (DLA-3664-1)
2023-11-27 00:00:00
veracode
veracode
Cross Site Scripting (XSS)
2023-11-13 08:57:55
github
github
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
2023-11-12 15:52:51

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.5%

JSON
Related for DEBIAN_DLA-3664.NASL
osv4debian1cvelist1cve1ubuntucve1prion1nvd1symfony1friendsofphp2debiancve1openvas1veracode1github1