Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/http-foundation@3.4.11
Typecomposer
Namespacesymfony
Namehttp-foundation
Version3.4.11
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.4.14
Latest_non_vulnerable_version7.3.7
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-nsuz-7sdv-abef
vulnerability_id VCID-nsuz-7sdv-abef
summary 
Insufficient Session Expiration
The `PDOSessionHandler` class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
references
0
reference_url https://symfony.com/cve-2018-11386
reference_id CVE-2018-11386
reference_type
scores
url https://symfony.com/cve-2018-11386
fixed_packages
0
url pkg:composer/symfony/http-foundation@2.8.41
purl pkg:composer/symfony/http-foundation@2.8.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@2.8.41
1
url pkg:composer/symfony/http-foundation@3.4.11
purl pkg:composer/symfony/http-foundation@3.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11
2
url pkg:composer/symfony/http-foundation@4.0.11
purl pkg:composer/symfony/http-foundation@4.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@4.0.11
aliases CVE-2018-11386
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuz-7sdv-abef
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/http-foundation@3.4.11