Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/security@2.7.38

Type composer

Namespace symfony

Name security

Version 2.7.38

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.51

Latest_non_vulnerable_version 4.4.24

Affected_by_vulnerabilities

url VCID-556v-rym3-6yax

vulnerability_id VCID-556v-rym3-6yax

summary

Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11406

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.40045
published_at	2026-04-01T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40211
published_at	2026-04-16T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40162
published_at	2026-04-13T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.4018
published_at	2026-04-12T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40206
published_at	2026-04-09T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40195
published_at	2026-04-08T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40141
published_at	2026-04-07T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40218
published_at	2026-04-11T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.40194
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11406

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11406.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11406.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/319e1bdd43979d9c1559497de8d69adea28ab8d1

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11406

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11406

reference_url

https://symfony.com/blog/cve-2018-11406-csrf-token-fixation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-11406-csrf-token-fixation

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::
reference_id	cpe:2.3:a:sensiolabs:symfony::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://symfony.com/cve-2018-11406

reference_id

CVE-2018-11406

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-11406

reference_url

https://github.com/advisories/GHSA-g4g7-q726-v5hg

reference_id

GHSA-g4g7-q726-v5hg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4g7-q726-v5hg

fixed_packages

url pkg:composer/symfony/security@2.7.48

purl pkg:composer/symfony/security@2.7.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-nsk8-bk5e-tbfh

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48

url pkg:composer/symfony/security@2.8.41

purl pkg:composer/symfony/security@2.8.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41

url pkg:composer/symfony/security@3.3.17

purl pkg:composer/symfony/security@3.3.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17

url pkg:composer/symfony/security@3.4.11

purl pkg:composer/symfony/security@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11

url pkg:composer/symfony/security@4.0.11

purl pkg:composer/symfony/security@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11

aliases CVE-2018-11406, GHSA-g4g7-q726-v5hg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-556v-rym3-6yax

url VCID-71vh-7wte-kfcx

vulnerability_id VCID-71vh-7wte-kfcx

summary

Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11385

reference_id

reference_type

scores

value	0.00904
scoring_system	epss
scoring_elements	0.75683
published_at	2026-04-04T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75745
published_at	2026-04-16T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75707
published_at	2026-04-13T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75713
published_at	2026-04-12T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75732
published_at	2026-04-11T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75708
published_at	2026-04-09T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75697
published_at	2026-04-08T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75663
published_at	2026-04-07T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.7565
published_at	2026-04-01T12:55:00Z

value	0.00904
scoring_system	epss
scoring_elements	0.75652
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11385.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-11385.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11385.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/194caff28b56707ea98e746c6582c06acbb9bc3f

reference_url

https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/fa5bf4b17d45ee32f41bd1a9abc3fb6c134ec89b

reference_url

https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/fad1e1f2ea336e85c889feece9d0e23fbfcf777d

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11385

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11385

reference_url

https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::
reference_id	cpe:2.3:a:sensiolabs:symfony::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url

https://symfony.com/cve-2018-11385

reference_id

CVE-2018-11385

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-11385

reference_url

https://github.com/advisories/GHSA-g4rg-rw65-8hfg

reference_id

GHSA-g4rg-rw65-8hfg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g4rg-rw65-8hfg

fixed_packages

url pkg:composer/symfony/security@2.7.48

purl pkg:composer/symfony/security@2.7.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-nsk8-bk5e-tbfh

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.48

url pkg:composer/symfony/security@2.8.41

purl pkg:composer/symfony/security@2.8.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.41

url pkg:composer/symfony/security@3.3.17

purl pkg:composer/symfony/security@3.3.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.17

url pkg:composer/symfony/security@3.4.11

purl pkg:composer/symfony/security@3.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.11

url pkg:composer/symfony/security@4.0.11

purl pkg:composer/symfony/security@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.11

aliases CVE-2018-11385, GHSA-g4rg-rw65-8hfg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71vh-7wte-kfcx

url VCID-bpkv-qrmp-huac

vulnerability_id VCID-bpkv-qrmp-huac

summary

Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50704
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51722
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51739
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51761
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51625
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51676
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51701
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51661
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51712
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51716
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://symfony.com/cve-2019-10911

reference_id

CVE-2019-10911

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10911

reference_url

https://github.com/advisories/GHSA-cchx-mfrc-fwqr

reference_id

GHSA-cchx-mfrc-fwqr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cchx-mfrc-fwqr

fixed_packages

url	pkg:composer/symfony/security@2.7.51
purl	pkg:composer/symfony/security@2.7.51
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.51

url pkg:composer/symfony/security@2.8.50

purl pkg:composer/symfony/security@2.8.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.50

url pkg:composer/symfony/security@3.4.26

purl pkg:composer/symfony/security@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.26

url pkg:composer/symfony/security@4.1.12

purl pkg:composer/symfony/security@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.1.12

url pkg:composer/symfony/security@4.2.7

purl pkg:composer/symfony/security@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.2.7

aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpkv-qrmp-huac

url VCID-nsk8-bk5e-tbfh

vulnerability_id VCID-nsk8-bk5e-tbfh

summary

CVE-2016-4423: Large username storage in session
The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4423

reference_id

reference_type

scores

value	0.01435
scoring_system	epss
scoring_elements	0.80628
published_at	2026-04-01T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.8072
published_at	2026-04-16T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80686
published_at	2026-04-13T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80694
published_at	2026-04-12T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80708
published_at	2026-04-11T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80691
published_at	2026-04-09T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80681
published_at	2026-04-08T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80654
published_at	2026-04-07T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80658
published_at	2026-04-04T12:55:00Z

value	0.01435
scoring_system	epss
scoring_elements	0.80636
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4423

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4423

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-4423.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2016-4423.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-4423.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/pull/18733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/18733

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4423

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4423

reference_url

https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session

reference_url

http://www.debian.org/security/2016/dsa-3588

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3588

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::
reference_id	cpe:2.3:a:sensiolabs:symfony::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.7.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.7.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:2.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:2.8.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:::::::*
reference_id	cpe:2.3:a:sensiolabs:symfony:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://symfony.com/cve-2016-4423

reference_id

CVE-2016-4423

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2016-4423

reference_url	http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
reference_id	CVE-2016-4423-LARGE-USERNAME-STORAGE-IN-SESSION
reference_type
scores
url	http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session

reference_url

https://github.com/advisories/GHSA-whgv-8cg3-7hcm

reference_id

GHSA-whgv-8cg3-7hcm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-whgv-8cg3-7hcm

fixed_packages

url pkg:composer/symfony/security@2.8.6

purl pkg:composer/symfony/security@2.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-mm7e-kb6c-vucx

vulnerability	VCID-t2dx-5us4-mkf1

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.6

url pkg:composer/symfony/security@3.0.6

purl pkg:composer/symfony/security@3.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-mm7e-kb6c-vucx

vulnerability	VCID-t2dx-5us4-mkf1

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.0.6

aliases CVE-2016-4423, GHSA-whgv-8cg3-7hcm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsk8-bk5e-tbfh

url VCID-v81g-hqja-hue2

vulnerability_id VCID-v81g-hqja-hue2

summary

URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_id

reference_type

scores

value	0.00447
scoring_system	epss
scoring_elements	0.63423
published_at	2026-04-01T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63542
published_at	2026-04-09T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63525
published_at	2026-04-08T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63473
published_at	2026-04-07T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63509
published_at	2026-04-13T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63483
published_at	2026-04-02T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63545
published_at	2026-04-16T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63543
published_at	2026-04-12T12:55:00Z

value	0.00447
scoring_system	epss
scoring_elements	0.63559
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_url

https://seclists.org/bugtraq/2019/May/21

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/May/21

reference_url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_url

https://www.debian.org/security/2019/dsa-4441

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4441

reference_url

http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106249

reference_url

https://symfony.com/cve-2018-19790

reference_id

CVE-2018-19790

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-19790

reference_url

https://github.com/advisories/GHSA-89r2-5g34-2g47

reference_id

GHSA-89r2-5g34-2g47

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89r2-5g34-2g47

fixed_packages

url pkg:composer/symfony/security@2.7.50

purl pkg:composer/symfony/security@2.7.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.50

url pkg:composer/symfony/security@2.8.49

purl pkg:composer/symfony/security@2.8.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.49

url pkg:composer/symfony/security@3.4.19

purl pkg:composer/symfony/security@3.4.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.4.19

url pkg:composer/symfony/security@4.0.15

purl pkg:composer/symfony/security@4.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.0.15

url pkg:composer/symfony/security@4.1.9

purl pkg:composer/symfony/security@4.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.1.9

url pkg:composer/symfony/security@4.2.1

purl pkg:composer/symfony/security@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-e71e-d4tr-wqgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@4.2.1

aliases CVE-2018-19790, GHSA-89r2-5g34-2g47

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v81g-hqja-hue2

Fixing_vulnerabilities

url VCID-mm7e-kb6c-vucx

vulnerability_id VCID-mm7e-kb6c-vucx

summary `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16652

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.44843
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44826
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44884
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4483
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44828
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4486
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44745
published_at	2026-04-01T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44847
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44788
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4484
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16652.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2017-16652.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16652.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url	https://github.com/symfony/symfony/pull/24995
reference_id
reference_type
scores
url	https://github.com/symfony/symfony/pull/24995

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16652

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16652

reference_url

https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::
reference_id	cpe:2.3:a:sensiolabs:symfony::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://symfony.com/cve-2017-16652

reference_id

CVE-2017-16652

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2017-16652

reference_url	http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers
reference_id	CVE-2017-16652-OPEN-REDIRECT-VULNERABILITY-ON-SECURITY-HANDLERS
reference_type
scores
url	http://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers

reference_url

https://github.com/advisories/GHSA-r7p7-qr7p-2rrf

reference_id

GHSA-r7p7-qr7p-2rrf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7p7-qr7p-2rrf

fixed_packages

url pkg:composer/symfony/security@2.7.38

purl pkg:composer/symfony/security@2.7.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-nsk8-bk5e-tbfh

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38

url pkg:composer/symfony/security@2.8.31

purl pkg:composer/symfony/security@2.8.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.31

url pkg:composer/symfony/security@3.2.14

purl pkg:composer/symfony/security@3.2.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.2.14

url pkg:composer/symfony/security@3.3.13

purl pkg:composer/symfony/security@3.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.13

aliases CVE-2017-16652, GHSA-r7p7-qr7p-2rrf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm7e-kb6c-vucx

url VCID-t2dx-5us4-mkf1

vulnerability_id VCID-t2dx-5us4-mkf1

summary

Cross-Site Request Forgery (CSRF)
The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16653

reference_id

reference_type

scores

value	0.00325
scoring_system	epss
scoring_elements	0.55528
published_at	2026-04-07T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.5559
published_at	2026-04-16T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55553
published_at	2026-04-13T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.5557
published_at	2026-04-12T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55591
published_at	2026-04-11T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55581
published_at	2026-04-09T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55579
published_at	2026-04-08T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55414
published_at	2026-04-01T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55526
published_at	2026-04-02T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.55551
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2403

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16654

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11385

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11386

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11406

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-csrf/CVE-2017-16653.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-16653.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-16653.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/b4dbdd7cd8732483d585eacff3428c16b07ad15e

reference_url

https://github.com/symfony/symfony/pull/24992

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/pull/24992

reference_url

https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https

reference_url

https://www.debian.org/security/2018/dsa-4262

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4262

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16653

reference_id

CVE-2017-16653

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16653

reference_url

https://symfony.com/cve-2017-16653

reference_id

CVE-2017-16653

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2017-16653

reference_url

https://github.com/advisories/GHSA-92x6-h2gr-8gxq

reference_id

GHSA-92x6-h2gr-8gxq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92x6-h2gr-8gxq

fixed_packages

url pkg:composer/symfony/security@2.7.38

purl pkg:composer/symfony/security@2.7.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-nsk8-bk5e-tbfh

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38

url pkg:composer/symfony/security@2.8.31

purl pkg:composer/symfony/security@2.8.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.31

url pkg:composer/symfony/security@3.2.14

purl pkg:composer/symfony/security@3.2.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.2.14

url pkg:composer/symfony/security@3.3.13

purl pkg:composer/symfony/security@3.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-556v-rym3-6yax

vulnerability	VCID-71vh-7wte-kfcx

vulnerability	VCID-bpkv-qrmp-huac

vulnerability	VCID-dqaj-qmbd-cya1

vulnerability	VCID-e71e-d4tr-wqgz

vulnerability	VCID-v81g-hqja-hue2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.13

aliases CVE-2017-16653, GHSA-92x6-h2gr-8gxq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2dx-5us4-mkf1

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38

Package Instance