Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-core@2.7.32
Typecomposer
Namespacesymfony
Namesecurity-core
Version2.7.32
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.4.48
Latest_non_vulnerable_version5.2.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-76y9-1jsf-rfez
vulnerability_id VCID-76y9-1jsf-rfez
summary 
Empty passwords validation issue
Validating a user password with a `UserPassword` constraint but with no `NotBlank` constraint passes without any error (the empty password would not be compared with the user password). Note that you should always be explicit and add a `NotBlank` constraint, but as it worked before without, it's considered as a backward compatibility break and a security issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11365
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.57915
published_at 2026-04-09T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.57864
published_at 2026-04-02T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.57894
published_at 2026-04-21T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.57916
published_at 2026-04-18T12:55:00Z
4
value 0.00356
scoring_system epss
scoring_elements 0.57917
published_at 2026-04-16T12:55:00Z
5
value 0.00356
scoring_system epss
scoring_elements 0.57888
published_at 2026-04-13T12:55:00Z
6
value 0.00356
scoring_system epss
scoring_elements 0.57908
published_at 2026-04-12T12:55:00Z
7
value 0.00356
scoring_system epss
scoring_elements 0.57931
published_at 2026-04-11T12:55:00Z
8
value 0.00356
scoring_system epss
scoring_elements 0.5778
published_at 2026-04-01T12:55:00Z
9
value 0.00356
scoring_system epss
scoring_elements 0.57884
published_at 2026-04-04T12:55:00Z
10
value 0.00356
scoring_system epss
scoring_elements 0.57859
published_at 2026-04-07T12:55:00Z
11
value 0.00356
scoring_system epss
scoring_elements 0.57914
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11365
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
6
reference_url https://github.com/symfony/symfony/pull/23507
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/23507
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11365
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-11365
8
reference_url https://symfony.com/cve-2017-11365
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-11365
9
reference_url https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
reference_id CVE-2017-11365-EMPTY-PASSWORDS-VALIDATION-ISSUE
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
10
reference_url https://github.com/advisories/GHSA-q87v-q8fw-gmj5
reference_id GHSA-q87v-q8fw-gmj5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q87v-q8fw-gmj5
fixed_packages
0
url pkg:composer/symfony/security-core@2.7.32
purl pkg:composer/symfony/security-core@2.7.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.7.32
1
url pkg:composer/symfony/security-core@2.8.25
purl pkg:composer/symfony/security-core@2.8.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.8.25
2
url pkg:composer/symfony/security-core@3.2.12
purl pkg:composer/symfony/security-core@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.2.12
3
url pkg:composer/symfony/security-core@3.3.5
purl pkg:composer/symfony/security-core@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.3.5
aliases CVE-2017-11365, GHSA-q87v-q8fw-gmj5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76y9-1jsf-rfez
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.7.32