Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-core@3.3.5
Typecomposer
Namespacesymfony
Namesecurity-core
Version3.3.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.4.48
Latest_non_vulnerable_version5.2.8
Affected_by_vulnerabilities
0
url VCID-dqaj-qmbd-cya1
vulnerability_id VCID-dqaj-qmbd-cya1
summary 
Improper Authentication
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a `null` password and valid username, which triggers an unauthenticated bind.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.34295
published_at 2026-04-12T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34335
published_at 2026-04-11T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.34307
published_at 2026-04-16T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34271
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40563
published_at 2026-04-01T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40653
published_at 2026-04-09T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40643
published_at 2026-04-08T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40593
published_at 2026-04-07T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40673
published_at 2026-04-04T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40644
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11407
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11407
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2018-11407.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-11407.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11407.yaml
5
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
6
reference_url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/b46fc93785d37ffa5d706a82cd175b33ce8f2934
7
reference_url https://github.com/symfony/symfony/pull/27377
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/27377
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11407
9
reference_url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*
11
reference_url https://symfony.com/cve-2018-11407
reference_id CVE-2018-11407
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2018-11407
12
reference_url https://github.com/advisories/GHSA-35c5-28pg-2qg4
reference_id GHSA-35c5-28pg-2qg4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35c5-28pg-2qg4
13
reference_url https://usn.ubuntu.com/USN-4836-1/
reference_id USN-USN-4836-1
reference_type
scores
url https://usn.ubuntu.com/USN-4836-1/
fixed_packages
0
url pkg:composer/symfony/security-core@3.3.17
purl pkg:composer/symfony/security-core@3.3.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.3.17
1
url pkg:composer/symfony/security-core@3.4.7
purl pkg:composer/symfony/security-core@3.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.4.7
2
url pkg:composer/symfony/security-core@4.0.7
purl pkg:composer/symfony/security-core@4.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@4.0.7
aliases CVE-2018-11407, GHSA-35c5-28pg-2qg4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqaj-qmbd-cya1
1
url VCID-e71e-d4tr-wqgz
vulnerability_id VCID-e71e-d4tr-wqgz
summary 
Prevent user enumeration using Guard or the new Authenticator-based Security
Description
-----------

The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user.

Resolution
----------

We now ensure that 403s are returned whether the user exists or not if the password is invalid or if the user does not exist.

The patch for this issue is available [here](https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011) for branch 3.4.

Credits
-------

I would like to thank James Isaac and Mathias Brodala for reporting the issue and Robin Chalas for fixing the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50055
published_at 2026-04-02T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50112
published_at 2026-04-16T12:55:00Z
2
value 0.00266
scoring_system epss
scoring_elements 0.50068
published_at 2026-04-13T12:55:00Z
3
value 0.00266
scoring_system epss
scoring_elements 0.50072
published_at 2026-04-12T12:55:00Z
4
value 0.00266
scoring_system epss
scoring_elements 0.50098
published_at 2026-04-11T12:55:00Z
5
value 0.00266
scoring_system epss
scoring_elements 0.50081
published_at 2026-04-09T12:55:00Z
6
value 0.00266
scoring_system epss
scoring_elements 0.50017
published_at 2026-04-01T12:55:00Z
7
value 0.00266
scoring_system epss
scoring_elements 0.50088
published_at 2026-04-08T12:55:00Z
8
value 0.00266
scoring_system epss
scoring_elements 0.50033
published_at 2026-04-07T12:55:00Z
9
value 0.00266
scoring_system epss
scoring_elements 0.50083
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21424
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml
8
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
9
reference_url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
11
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21424
21
reference_url https://symfony.com/cve-2021-21424
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-21424
22
reference_url https://github.com/advisories/GHSA-5pv8-ppvj-4h68
reference_id GHSA-5pv8-ppvj-4h68
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5pv8-ppvj-4h68
23
reference_url https://usn.ubuntu.com/USN-5290-1/
reference_id USN-USN-5290-1
reference_type
scores
url https://usn.ubuntu.com/USN-5290-1/
fixed_packages
0
url pkg:composer/symfony/security-core@3.4.48
purl pkg:composer/symfony/security-core@3.4.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.4.48
1
url pkg:composer/symfony/security-core@4.4.23
purl pkg:composer/symfony/security-core@4.4.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@4.4.23
2
url pkg:composer/symfony/security-core@5.2.8
purl pkg:composer/symfony/security-core@5.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@5.2.8
aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e71e-d4tr-wqgz
Fixing_vulnerabilities
0
url VCID-76y9-1jsf-rfez
vulnerability_id VCID-76y9-1jsf-rfez
summary 
Empty passwords validation issue
Validating a user password with a `UserPassword` constraint but with no `NotBlank` constraint passes without any error (the empty password would not be compared with the user password). Note that you should always be explicit and add a `NotBlank` constraint, but as it worked before without, it's considered as a backward compatibility break and a security issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11365
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.5778
published_at 2026-04-01T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.57888
published_at 2026-04-13T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.57908
published_at 2026-04-12T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.57931
published_at 2026-04-11T12:55:00Z
4
value 0.00356
scoring_system epss
scoring_elements 0.57915
published_at 2026-04-09T12:55:00Z
5
value 0.00356
scoring_system epss
scoring_elements 0.57914
published_at 2026-04-08T12:55:00Z
6
value 0.00356
scoring_system epss
scoring_elements 0.57859
published_at 2026-04-07T12:55:00Z
7
value 0.00356
scoring_system epss
scoring_elements 0.57884
published_at 2026-04-04T12:55:00Z
8
value 0.00356
scoring_system epss
scoring_elements 0.57864
published_at 2026-04-02T12:55:00Z
9
value 0.00356
scoring_system epss
scoring_elements 0.57917
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11365
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml
4
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
5
reference_url https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f
6
reference_url https://github.com/symfony/symfony/pull/23507
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/23507
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11365
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-11365
8
reference_url https://symfony.com/cve-2017-11365
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2017-11365
9
reference_url https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
reference_id CVE-2017-11365-EMPTY-PASSWORDS-VALIDATION-ISSUE
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
10
reference_url https://github.com/advisories/GHSA-q87v-q8fw-gmj5
reference_id GHSA-q87v-q8fw-gmj5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q87v-q8fw-gmj5
fixed_packages
0
url pkg:composer/symfony/security-core@2.7.32
purl pkg:composer/symfony/security-core@2.7.32
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.7.32
1
url pkg:composer/symfony/security-core@2.8.25
purl pkg:composer/symfony/security-core@2.8.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@2.8.25
2
url pkg:composer/symfony/security-core@3.2.12
purl pkg:composer/symfony/security-core@3.2.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.2.12
3
url pkg:composer/symfony/security-core@3.3.5
purl pkg:composer/symfony/security-core@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dqaj-qmbd-cya1
1
vulnerability VCID-e71e-d4tr-wqgz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.3.5
aliases CVE-2017-11365, GHSA-q87v-q8fw-gmj5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76y9-1jsf-rfez
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-core@3.3.5