Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-csrf@2.8.41
Typecomposer
Namespacesymfony
Namesecurity-csrf
Version2.8.41
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.14
Latest_non_vulnerable_version4.0.11
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-ef86-hqv4-6kaz
vulnerability_id VCID-ef86-hqv4-6kaz
summary 
Cross-Site Request Forgery (CSRF)
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
references
0
reference_url https://symfony.com/cve-2018-11406
reference_id CVE-2018-11406
reference_type
scores
url https://symfony.com/cve-2018-11406
fixed_packages
0
url pkg:composer/symfony/security-csrf@2.7.48
purl pkg:composer/symfony/security-csrf@2.7.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.48
1
url pkg:composer/symfony/security-csrf@2.8.41
purl pkg:composer/symfony/security-csrf@2.8.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.41
2
url pkg:composer/symfony/security-csrf@3.4.11
purl pkg:composer/symfony/security-csrf@3.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.4.11
3
url pkg:composer/symfony/security-csrf@4.0.11
purl pkg:composer/symfony/security-csrf@4.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@4.0.11
aliases CVE-2018-11406
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ef86-hqv4-6kaz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.41