Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/security@2.0.5

Type composer

Namespace symfony

Name security

Version 2.0.5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.51

Latest_non_vulnerable_version 4.4.24

Affected_by_vulnerabilities

url VCID-86ct-zv8d-d3eb

vulnerability_id VCID-86ct-zv8d-d3eb

summary

Routes behind a firewall are accessible even when not logged in
Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44616
published_at	2026-06-04T12:55:00Z

value	0.0022
scoring_system	epss
scoring_elements	0.44686
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6431

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yaml

reference_url

https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496

reference_url

https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6431

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6431

reference_url

https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_url

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

fixed_packages

url pkg:composer/symfony/security@2.0.19

purl pkg:composer/symfony/security@2.0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-rkap-39hu-abe9

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.0.19

aliases CVE-2012-6431, GHSA-83c3-qx27-2rwr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86ct-zv8d-d3eb

url VCID-ef86-hqv4-6kaz

vulnerability_id VCID-ef86-hqv4-6kaz

summary

Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11406

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.39996
published_at	2026-06-05T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.39914
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11406

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11406

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11406

reference_url

https://symfony.com/blog/cve-2018-11406-csrf-token-fixation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-11406-csrf-token-fixation

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url

https://symfony.com/cve-2018-11406

reference_id

CVE-2018-11406

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-11406

fixed_packages

url pkg:composer/symfony/security@2.7.48

purl pkg:composer/symfony/security@2.7.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-vyug-krcw-jyef

vulnerability	VCID-x4nv-gvag-7qf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48

url pkg:composer/symfony/security@2.8.41

purl pkg:composer/symfony/security@2.8.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41

url pkg:composer/symfony/security@3.3.17

purl pkg:composer/symfony/security@3.3.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

vulnerability	VCID-uuk9-e5qy-rfgf

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17

url pkg:composer/symfony/security@3.4.11

purl pkg:composer/symfony/security@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11

url pkg:composer/symfony/security@4.0.11

purl pkg:composer/symfony/security@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11

aliases CVE-2018-11406, GHSA-g4g7-q726-v5hg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz

url VCID-rkap-39hu-abe9

vulnerability_id VCID-rkap-39hu-abe9

summary

Uncontrolled Resource Consumption
The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-5958

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.65144
published_at	2026-06-05T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.65101
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-5958

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml

reference_url

https://github.com/symfony/polyfill/pull/155

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/polyfill/pull/155

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/issues/11522

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/issues/11522

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-5958

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-5958

reference_url

https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

reference_url

http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

fixed_packages

url pkg:composer/symfony/security@2.0.25

purl pkg:composer/symfony/security@2.0.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.0.25

url pkg:composer/symfony/security@2.1.13

purl pkg:composer/symfony/security@2.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.1.13

url pkg:composer/symfony/security@2.2.9

purl pkg:composer/symfony/security@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.2.9

url pkg:composer/symfony/security@2.3.6

purl pkg:composer/symfony/security@2.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-gjuz-mjah-e3bj

vulnerability	VCID-ty9b-xe8v-r7ag

vulnerability	VCID-uk5a-g7em-gygd

vulnerability	VCID-vyug-krcw-jyef

vulnerability	VCID-x4nv-gvag-7qf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.3.6

aliases CVE-2013-5958, GHSA-cr49-fx2v-9p57

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkap-39hu-abe9

url VCID-vyug-krcw-jyef

vulnerability_id VCID-vyug-krcw-jyef

summary

Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11385

reference_id

reference_type

scores

value	0.00904
scoring_system	epss
scoring_elements	0.76092
published_at	2026-06-04T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.76117
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f

reference_url

https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b

reference_url

https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11385

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11385

reference_url

https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url

https://symfony.com/cve-2018-11385

reference_id

CVE-2018-11385

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-11385

fixed_packages

url pkg:composer/symfony/security@2.7.48

purl pkg:composer/symfony/security@2.7.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-vyug-krcw-jyef

vulnerability	VCID-x4nv-gvag-7qf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48

url pkg:composer/symfony/security@2.8.41

purl pkg:composer/symfony/security@2.8.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41

url pkg:composer/symfony/security@3.3.17

purl pkg:composer/symfony/security@3.3.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-ef86-hqv4-6kaz

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

vulnerability	VCID-uuk9-e5qy-rfgf

vulnerability	VCID-vyug-krcw-jyef

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17

url pkg:composer/symfony/security@3.4.11

purl pkg:composer/symfony/security@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11

url pkg:composer/symfony/security@4.0.11

purl pkg:composer/symfony/security@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-mew1-9shg-mugs

vulnerability	VCID-p6f7-utd6-eqej

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11

aliases CVE-2018-11385, GHSA-g4rg-rw65-8hfg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.0.5

Package Instance