Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/security-guard@4.0.0

Type composer

Namespace symfony

Name security-guard

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.0.11

Latest_non_vulnerable_version 4.0.11

Affected_by_vulnerabilities

url VCID-vyug-krcw-jyef

vulnerability_id VCID-vyug-krcw-jyef

summary

Session Fixation
A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

references

reference_url	https://symfony.com/cve-2018-11385
reference_id	CVE-2018-11385
reference_type
scores
url	https://symfony.com/cve-2018-11385

fixed_packages

url	pkg:composer/symfony/security-guard@4.0.11
purl	pkg:composer/symfony/security-guard@4.0.11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-guard@4.0.11

aliases CVE-2018-11385

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyug-krcw-jyef

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-guard@4.0.0

Package Instance