Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-bundle@2.0.0
Typecomposer
Namespacesymfony
Namesecurity-bundle
Version2.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.7.48
Latest_non_vulnerable_version6.2.6
Affected_by_vulnerabilities
0
url VCID-c3qr-9rv2-yqh9
vulnerability_id VCID-c3qr-9rv2-yqh9
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
reference_id
reference_type
scores
url https://github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
reference_id
reference_type
scores
url https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
3
reference_url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
reference_id CVE-2022-24895
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24895
5
reference_url https://symfony.com/cve-2022-24895
reference_id CVE-2022-24895
reference_type
scores
url https://symfony.com/cve-2022-24895
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
reference_id CVE-2022-24895.YAML
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
8
reference_url https://github.com/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
url https://github.com/advisories/GHSA-3gv2-29qc-v67m
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
reference_id GHSA-3gv2-29qc-v67m
reference_type
scores
url https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
fixed_packages
0
url pkg:composer/symfony/security-bundle@4.4.50
purl pkg:composer/symfony/security-bundle@4.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@4.4.50
1
url pkg:composer/symfony/security-bundle@5.4.20
purl pkg:composer/symfony/security-bundle@5.4.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@5.4.20
2
url pkg:composer/symfony/security-bundle@6.0.20
purl pkg:composer/symfony/security-bundle@6.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.0.20
3
url pkg:composer/symfony/security-bundle@6.1.12
purl pkg:composer/symfony/security-bundle@6.1.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.1.12
4
url pkg:composer/symfony/security-bundle@6.2.6
purl pkg:composer/symfony/security-bundle@6.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@6.2.6
aliases CVE-2022-24895, GHSA-3gv2-29qc-v67m, GMS-2023-210, GMS-2023-211
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qr-9rv2-yqh9
1
url VCID-ef86-hqv4-6kaz
vulnerability_id VCID-ef86-hqv4-6kaz
summary 
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
references
0
reference_url https://symfony.com/cve-2018-11406
reference_id CVE-2018-11406
reference_type
scores
url https://symfony.com/cve-2018-11406
fixed_packages
0
url pkg:composer/symfony/security-bundle@2.8.41
purl pkg:composer/symfony/security-bundle@2.8.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.8.41
1
url pkg:composer/symfony/security-bundle@3.4.11
purl pkg:composer/symfony/security-bundle@3.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@3.4.11
2
url pkg:composer/symfony/security-bundle@4.0.11
purl pkg:composer/symfony/security-bundle@4.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@4.0.11
aliases CVE-2018-11406
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-bundle@2.0.0