Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-http@5.3.3
Typecomposer
Namespacesymfony
Namesecurity-http
Version5.3.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.1.8
Latest_non_vulnerable_version7.2.0-BETA1
Affected_by_vulnerabilities
0
url VCID-bdhj-np35-sybt
vulnerability_id VCID-bdhj-np35-sybt
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02089
scoring_system epss
scoring_elements 0.83967
published_at 2026-04-02T12:55:00Z
1
value 0.02089
scoring_system epss
scoring_elements 0.84016
published_at 2026-04-09T12:55:00Z
2
value 0.02089
scoring_system epss
scoring_elements 0.8401
published_at 2026-04-08T12:55:00Z
3
value 0.02089
scoring_system epss
scoring_elements 0.83986
published_at 2026-04-07T12:55:00Z
4
value 0.02089
scoring_system epss
scoring_elements 0.83982
published_at 2026-04-04T12:55:00Z
5
value 0.02089
scoring_system epss
scoring_elements 0.84047
published_at 2026-04-18T12:55:00Z
6
value 0.02089
scoring_system epss
scoring_elements 0.84045
published_at 2026-04-16T12:55:00Z
7
value 0.02089
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-13T12:55:00Z
8
value 0.02089
scoring_system epss
scoring_elements 0.84025
published_at 2026-04-12T12:55:00Z
9
value 0.02089
scoring_system epss
scoring_elements 0.84032
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.31
purl pkg:composer/symfony/security-http@5.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sbsb-u8u5-4bcm
1
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.31
1
url pkg:composer/symfony/security-http@6.3.8
purl pkg:composer/symfony/security-http@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sbsb-u8u5-4bcm
1
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt
1
url VCID-kqcd-f4vt-r7g8
vulnerability_id VCID-kqcd-f4vt-r7g8
summary 
Session Fixation
`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.64778
published_at 2026-04-01T12:55:00Z
1
value 0.00476
scoring_system epss
scoring_elements 0.64911
published_at 2026-04-18T12:55:00Z
2
value 0.00476
scoring_system epss
scoring_elements 0.64863
published_at 2026-04-13T12:55:00Z
3
value 0.00476
scoring_system epss
scoring_elements 0.64891
published_at 2026-04-12T12:55:00Z
4
value 0.00476
scoring_system epss
scoring_elements 0.649
published_at 2026-04-16T12:55:00Z
5
value 0.00476
scoring_system epss
scoring_elements 0.64883
published_at 2026-04-09T12:55:00Z
6
value 0.00476
scoring_system epss
scoring_elements 0.64868
published_at 2026-04-08T12:55:00Z
7
value 0.00476
scoring_system epss
scoring_elements 0.64818
published_at 2026-04-07T12:55:00Z
8
value 0.00476
scoring_system epss
scoring_elements 0.64855
published_at 2026-04-04T12:55:00Z
9
value 0.00476
scoring_system epss
scoring_elements 0.64828
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
5
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
6
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
7
reference_url https://symfony.com/cve-2021-41268
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41268
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
reference_id CVE-2021-41268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
9
reference_url https://github.com/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw36-p97w-vcqr
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.0-BETA1
purl pkg:composer/symfony/security-http@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
1
vulnerability VCID-sbsb-u8u5-4bcm
2
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0-BETA1
1
url pkg:composer/symfony/security-http@5.4.0
purl pkg:composer/symfony/security-http@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
1
vulnerability VCID-sbsb-u8u5-4bcm
2
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0
aliases CVE-2021-41268, GHSA-qw36-p97w-vcqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqcd-f4vt-r7g8
2
url VCID-n3d2-zwve-gbf5
vulnerability_id VCID-n3d2-zwve-gbf5
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
reference_id
reference_type
scores
0
value 0.00462
scoring_system epss
scoring_elements 0.64139
published_at 2026-04-02T12:55:00Z
1
value 0.00462
scoring_system epss
scoring_elements 0.64213
published_at 2026-04-18T12:55:00Z
2
value 0.00462
scoring_system epss
scoring_elements 0.64202
published_at 2026-04-16T12:55:00Z
3
value 0.00462
scoring_system epss
scoring_elements 0.64167
published_at 2026-04-13T12:55:00Z
4
value 0.00462
scoring_system epss
scoring_elements 0.64195
published_at 2026-04-12T12:55:00Z
5
value 0.00462
scoring_system epss
scoring_elements 0.64207
published_at 2026-04-11T12:55:00Z
6
value 0.00462
scoring_system epss
scoring_elements 0.64193
published_at 2026-04-09T12:55:00Z
7
value 0.00462
scoring_system epss
scoring_elements 0.64177
published_at 2026-04-08T12:55:00Z
8
value 0.00462
scoring_system epss
scoring_elements 0.64126
published_at 2026-04-07T12:55:00Z
9
value 0.00462
scoring_system epss
scoring_elements 0.64166
published_at 2026-04-04T12:55:00Z
10
value 0.00462
scoring_system epss
scoring_elements 0.64082
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
3
reference_url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
4
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
5
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
6
reference_url https://symfony.com/cve-2021-41267
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41267
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
reference_id CVE-2021-41267
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
8
reference_url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.0-BETA1
purl pkg:composer/symfony/security-http@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
1
vulnerability VCID-sbsb-u8u5-4bcm
2
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0-BETA1
1
url pkg:composer/symfony/security-http@5.4.0
purl pkg:composer/symfony/security-http@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bdhj-np35-sybt
1
vulnerability VCID-sbsb-u8u5-4bcm
2
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0
aliases CVE-2021-41267, GHSA-q3j3-w37x-hq2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3d2-zwve-gbf5
3
url VCID-sbsb-u8u5-4bcm
vulnerability_id VCID-sbsb-u8u5-4bcm
summary 
Symfony has an Authentication Bypass via RememberMe
### Description

When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.

### Resolution

The `PersistentRememberMeHandler` class now ensures the submitted username is the cookie owner.

The patch for this issue is available [here](https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a) for branch 5.4.

### Credits

We would like to thank Moritz Rauch - Pentryx AG for reporting the issue and Jérémy Derussé for providing the fix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20333
published_at 2026-04-02T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.2519
published_at 2026-04-18T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.252
published_at 2026-04-16T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25191
published_at 2026-04-13T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25245
published_at 2026-04-12T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25287
published_at 2026-04-11T12:55:00Z
6
value 0.00088
scoring_system epss
scoring_elements 0.25272
published_at 2026-04-09T12:55:00Z
7
value 0.00088
scoring_system epss
scoring_elements 0.25227
published_at 2026-04-08T12:55:00Z
8
value 0.00088
scoring_system epss
scoring_elements 0.25158
published_at 2026-04-07T12:55:00Z
9
value 0.00088
scoring_system epss
scoring_elements 0.2538
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
5
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
7
reference_url https://symfony.com/cve-2024-51996
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-51996
8
reference_url https://github.com/advisories/GHSA-cg23-qf8f-62rr
reference_id GHSA-cg23-qf8f-62rr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg23-qf8f-62rr
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.47
purl pkg:composer/symfony/security-http@5.4.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.47
1
url pkg:composer/symfony/security-http@6.4.15
purl pkg:composer/symfony/security-http@6.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v4rq-bsry-puct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.4.15
2
url pkg:composer/symfony/security-http@7.1.8
purl pkg:composer/symfony/security-http@7.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.8
3
url pkg:composer/symfony/security-http@7.2.0-BETA1
purl pkg:composer/symfony/security-http@7.2.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.2.0-BETA1
aliases CVE-2024-51996, GHSA-cg23-qf8f-62rr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbsb-u8u5-4bcm
4
url VCID-v4rq-bsry-puct
vulnerability_id VCID-v4rq-bsry-puct
summary 
Withdrawn Advisory: Symfony http-security has authentication bypass
## Withdrawn Advisory
This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.

## Original Description
In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31939
published_at 2026-04-08T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31911
published_at 2026-04-18T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.31898
published_at 2026-04-13T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.31932
published_at 2026-04-16T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.31972
published_at 2026-04-11T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.31968
published_at 2026-04-09T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.32023
published_at 2026-04-02T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.32064
published_at 2026-04-04T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.31887
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
2
reference_url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
3
reference_url https://github.com/github/advisory-database/pull/5046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/github/advisory-database/pull/5046
4
reference_url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
5
reference_url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
6
reference_url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
reference_id 1088817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
9
reference_url https://github.com/advisories/GHSA-7q22-x757-cmgc
reference_id GHSA-7q22-x757-cmgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q22-x757-cmgc
fixed_packages
0
url pkg:composer/symfony/security-http@7.1.0
purl pkg:composer/symfony/security-http@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sbsb-u8u5-4bcm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.0
aliases CVE-2024-36611, GHSA-7q22-x757-cmgc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rq-bsry-puct
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.3.3