Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security@2.7.24
Typecomposer
Namespacesymfony
Namesecurity
Version2.7.24
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.7.51
Latest_non_vulnerable_version4.4.24
Affected_by_vulnerabilities
0
url VCID-556v-rym3-6yax
vulnerability_id VCID-556v-rym3-6yax
summary 
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
reference_id
reference_type
scores
0
value 0.00184
scoring_system epss
scoring_elements 0.40045
published_at 2026-04-01T12:55:00Z
1
value 0.00184
scoring_system epss
scoring_elements 0.40181
published_at 2026-04-18T12:55:00Z
2
value 0.00184
scoring_system epss
scoring_elements 0.40211
published_at 2026-04-16T12:55:00Z
3
value 0.00184
scoring_system epss
scoring_elements 0.40162
published_at 2026-04-13T12:55:00Z
4
value 0.00184
scoring_system epss
scoring_elements 0.4018
published_at 2026-04-12T12:55:00Z
5
value 0.00184
scoring_system epss
scoring_elements 0.40206
published_at 2026-04-09T12:55:00Z
6
value 0.00184
scoring_system epss
scoring_elements 0.40195
published_at 2026-04-08T12:55:00Z
7
value 0.00184
scoring_system epss
scoring_elements 0.40141
published_at 2026-04-07T12:55:00Z
8
value 0.00184
scoring_system epss
scoring_elements 0.40218
published_at 2026-04-11T12:55:00Z
9
value 0.00184
scoring_system epss
scoring_elements 0.40194
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11406
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11406
25
reference_url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
26
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
29
reference_url https://symfony.com/cve-2018-11406
reference_id CVE-2018-11406
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11406
30
reference_url https://github.com/advisories/GHSA-g4g7-q726-v5hg
reference_id GHSA-g4g7-q726-v5hg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4g7-q726-v5hg
fixed_packages
0
url pkg:composer/symfony/security@2.7.48
purl pkg:composer/symfony/security@2.7.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-nsk8-bk5e-tbfh
4
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48
1
url pkg:composer/symfony/security@2.8.41
purl pkg:composer/symfony/security@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41
2
url pkg:composer/symfony/security@3.3.17
purl pkg:composer/symfony/security@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17
3
url pkg:composer/symfony/security@3.4.11
purl pkg:composer/symfony/security@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11
4
url pkg:composer/symfony/security@4.0.11
purl pkg:composer/symfony/security@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11
aliases CVE-2018-11406, GHSA-g4g7-q726-v5hg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-556v-rym3-6yax
1
url VCID-71vh-7wte-kfcx
vulnerability_id VCID-71vh-7wte-kfcx
summary 
Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
reference_id
reference_type
scores
0
value 0.00904
scoring_system epss
scoring_elements 0.75652
published_at 2026-04-02T12:55:00Z
1
value 0.00904
scoring_system epss
scoring_elements 0.75748
published_at 2026-04-18T12:55:00Z
2
value 0.00904
scoring_system epss
scoring_elements 0.75745
published_at 2026-04-16T12:55:00Z
3
value 0.00904
scoring_system epss
scoring_elements 0.75707
published_at 2026-04-13T12:55:00Z
4
value 0.00904
scoring_system epss
scoring_elements 0.75713
published_at 2026-04-12T12:55:00Z
5
value 0.00904
scoring_system epss
scoring_elements 0.75732
published_at 2026-04-11T12:55:00Z
6
value 0.00904
scoring_system epss
scoring_elements 0.75708
published_at 2026-04-09T12:55:00Z
7
value 0.00904
scoring_system epss
scoring_elements 0.75697
published_at 2026-04-08T12:55:00Z
8
value 0.00904
scoring_system epss
scoring_elements 0.75663
published_at 2026-04-07T12:55:00Z
9
value 0.00904
scoring_system epss
scoring_elements 0.75683
published_at 2026-04-04T12:55:00Z
10
value 0.00904
scoring_system epss
scoring_elements 0.7565
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11385
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f
14
reference_url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b
15
reference_url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d
16
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11385
27
reference_url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
28
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
33
reference_url https://symfony.com/cve-2018-11385
reference_id CVE-2018-11385
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11385
34
reference_url https://github.com/advisories/GHSA-g4rg-rw65-8hfg
reference_id GHSA-g4rg-rw65-8hfg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4rg-rw65-8hfg
fixed_packages
0
url pkg:composer/symfony/security@2.7.48
purl pkg:composer/symfony/security@2.7.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-nsk8-bk5e-tbfh
4
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48
1
url pkg:composer/symfony/security@2.8.41
purl pkg:composer/symfony/security@2.8.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41
2
url pkg:composer/symfony/security@3.3.17
purl pkg:composer/symfony/security@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17
3
url pkg:composer/symfony/security@3.4.11
purl pkg:composer/symfony/security@3.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11
4
url pkg:composer/symfony/security@4.0.11
purl pkg:composer/symfony/security@4.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
2
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11
aliases CVE-2018-11385, GHSA-g4rg-rw65-8hfg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71vh-7wte-kfcx
2
url VCID-bpkv-qrmp-huac
vulnerability_id VCID-bpkv-qrmp-huac
summary 
Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.5071
published_at 2026-04-18T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50704
published_at 2026-04-16T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.51739
published_at 2026-04-12T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51625
published_at 2026-04-01T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.51676
published_at 2026-04-02T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.51701
published_at 2026-04-04T12:55:00Z
6
value 0.00283
scoring_system epss
scoring_elements 0.51661
published_at 2026-04-07T12:55:00Z
7
value 0.00283
scoring_system epss
scoring_elements 0.51716
published_at 2026-04-08T12:55:00Z
8
value 0.00283
scoring_system epss
scoring_elements 0.51761
published_at 2026-04-11T12:55:00Z
9
value 0.00283
scoring_system epss
scoring_elements 0.51712
published_at 2026-04-09T12:55:00Z
10
value 0.00283
scoring_system epss
scoring_elements 0.51722
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10911
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
12
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
13
reference_url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10911
15
reference_url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
16
reference_url https://www.synology.com/security/advisory/Synology_SA_19_19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.synology.com/security/advisory/Synology_SA_19_19
17
reference_url https://symfony.com/cve-2019-10911
reference_id CVE-2019-10911
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10911
18
reference_url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
reference_id GHSA-cchx-mfrc-fwqr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cchx-mfrc-fwqr
fixed_packages
0
url pkg:composer/symfony/security@2.7.51
purl pkg:composer/symfony/security@2.7.51
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.51
1
url pkg:composer/symfony/security@2.8.50
purl pkg:composer/symfony/security@2.8.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.50
2
url pkg:composer/symfony/security@3.4.26
purl pkg:composer/symfony/security@3.4.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.26
3
url pkg:composer/symfony/security@4.1.12
purl pkg:composer/symfony/security@4.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bpkv-qrmp-huac
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.1.12
4
url pkg:composer/symfony/security@4.2.7
purl pkg:composer/symfony/security@4.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.2.7
aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpkv-qrmp-huac
3
url VCID-mm7e-kb6c-vucx
vulnerability_id VCID-mm7e-kb6c-vucx
summary `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.4486
published_at 2026-04-11T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44826
published_at 2026-04-02T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44877
published_at 2026-04-18T12:55:00Z
3
value 0.00222
scoring_system epss
scoring_elements 0.44884
published_at 2026-04-16T12:55:00Z
4
value 0.00222
scoring_system epss
scoring_elements 0.4483
published_at 2026-04-13T12:55:00Z
5
value 0.00222
scoring_system epss
scoring_elements 0.44828
published_at 2026-04-12T12:55:00Z
6
value 0.00222
scoring_system epss
scoring_elements 0.44847
published_at 2026-04-04T12:55:00Z
7
value 0.00222
scoring_system epss
scoring_elements 0.44745
published_at 2026-04-01T12:55:00Z
8
value 0.00222
scoring_system epss
scoring_elements 0.44788
published_at 2026-04-07T12:55:00Z
9
value 0.00222
scoring_system epss
scoring_elements 0.4484
published_at 2026-04-08T12:55:00Z
10
value 0.00222
scoring_system epss
scoring_elements 0.44843
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16652
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/pull/24995
reference_id
reference_type
scores
url https://github.com/symfony/symfony/pull/24995
15
reference_url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16652
17
reference_url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
20
reference_url https://symfony.com/cve-2017-16652
reference_id CVE-2017-16652
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16652
21
reference_url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS
reference_type
scores
url http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
22
reference_url https://github.com/advisories/GHSA-r7p7-qr7p-2rrf
reference_id GHSA-r7p7-qr7p-2rrf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7p7-qr7p-2rrf
fixed_packages
0
url pkg:composer/symfony/security@2.7.38
purl pkg:composer/symfony/security@2.7.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-nsk8-bk5e-tbfh
4
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38
1
url pkg:composer/symfony/security@2.8.31
purl pkg:composer/symfony/security@2.8.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.31
2
url pkg:composer/symfony/security@3.2.14
purl pkg:composer/symfony/security@3.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.2.14
3
url pkg:composer/symfony/security@3.3.13
purl pkg:composer/symfony/security@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.13
aliases CVE-2017-16652, GHSA-r7p7-qr7p-2rrf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm7e-kb6c-vucx
4
url VCID-t2dx-5us4-mkf1
vulnerability_id VCID-t2dx-5us4-mkf1
summary 
Cross-Site Request Forgery (CSRF)
The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16653
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.55579
published_at 2026-04-08T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.55593
published_at 2026-04-18T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.5559
published_at 2026-04-16T12:55:00Z
3
value 0.00325
scoring_system epss
scoring_elements 0.55553
published_at 2026-04-13T12:55:00Z
4
value 0.00325
scoring_system epss
scoring_elements 0.5557
published_at 2026-04-12T12:55:00Z
5
value 0.00325
scoring_system epss
scoring_elements 0.55591
published_at 2026-04-11T12:55:00Z
6
value 0.00325
scoring_system epss
scoring_elements 0.55581
published_at 2026-04-09T12:55:00Z
7
value 0.00325
scoring_system epss
scoring_elements 0.55414
published_at 2026-04-01T12:55:00Z
8
value 0.00325
scoring_system epss
scoring_elements 0.55526
published_at 2026-04-02T12:55:00Z
9
value 0.00325
scoring_system epss
scoring_elements 0.55551
published_at 2026-04-04T12:55:00Z
10
value 0.00325
scoring_system epss
scoring_elements 0.55528
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16653
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml
13
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
14
reference_url https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e
15
reference_url https://github.com/symfony/symfony/pull/24992
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/24992
16
reference_url https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https
17
reference_url https://www.debian.org/security/2018/dsa-4262
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4262
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16653
reference_id CVE-2017-16653
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16653
19
reference_url https://symfony.com/cve-2017-16653
reference_id CVE-2017-16653
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-16653
20
reference_url https://github.com/advisories/GHSA-92x6-h2gr-8gxq
reference_id GHSA-92x6-h2gr-8gxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92x6-h2gr-8gxq
fixed_packages
0
url pkg:composer/symfony/security@2.7.38
purl pkg:composer/symfony/security@2.7.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-nsk8-bk5e-tbfh
4
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38
1
url pkg:composer/symfony/security@2.8.31
purl pkg:composer/symfony/security@2.8.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.31
2
url pkg:composer/symfony/security@3.2.14
purl pkg:composer/symfony/security@3.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.2.14
3
url pkg:composer/symfony/security@3.3.13
purl pkg:composer/symfony/security@3.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-556v-rym3-6yax
1
vulnerability VCID-71vh-7wte-kfcx
2
vulnerability VCID-bpkv-qrmp-huac
3
vulnerability VCID-dqaj-qmbd-cya1
4
vulnerability VCID-e71e-d4tr-wqgz
5
vulnerability VCID-v81g-hqja-hue2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.13
aliases CVE-2017-16653, GHSA-92x6-h2gr-8gxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2dx-5us4-mkf1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.24