Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/security-http@4.2.1

Type composer

Namespace symfony

Name security-http

Version 4.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.3.8

Latest_non_vulnerable_version 8.0.12

Affected_by_vulnerabilities

url VCID-23hr-yznx-c3fb

vulnerability_id VCID-23hr-yznx-c3fb

summary

Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50835
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://symfony.com/cve-2019-10911

reference_id

CVE-2019-10911

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10911

fixed_packages

url pkg:composer/symfony/security-http@4.2.7

purl pkg:composer/symfony/security-http@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.7

aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb

url VCID-kktw-gsen-jyd8

vulnerability_id VCID-kktw-gsen-jyd8

summary

Information Exposure
An issue was discovered in Symfony. The ability to enumerate users was possible due to different handling depending on whether the user existed when making unauthorized attempts to use the switch users functionality.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18886

reference_id

reference_type

scores

value	0.01546
scoring_system	epss
scoring_elements	0.81727
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18886

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-18886.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-18886.yaml

reference_url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/releases/tag/v4.3.8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18886

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18886

reference_url

https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality

reference_url

https://symfony.com/blog/symfony-4-3-8-released

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/symfony-4-3-8-released

reference_url

https://symfony.com/cve-2019-18886

reference_id

CVE-2019-18886

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-18886

fixed_packages

url pkg:composer/symfony/security-http@4.2.12

purl pkg:composer/symfony/security-http@4.2.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.12

url	pkg:composer/symfony/security-http@4.3.8
purl	pkg:composer/symfony/security-http@4.3.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.3.8

aliases CVE-2019-18886, GHSA-4vpc-5jx4-cfqg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kktw-gsen-jyd8

Fixing_vulnerabilities

url VCID-mew1-9shg-mugs

vulnerability_id VCID-mew1-9shg-mugs

summary

URL Redirection to Untrusted Site (Open Redirect)
By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_id

reference_type

scores

value	0.00447
scoring_system	epss
scoring_elements	0.63833
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19790

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2018-19790.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-19790.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/99a0cec0a6be39ce5ef38386e57339603b33ee5b

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TD3E7FZIXLVFG3SMFJPDEKPZ26TJOW7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZMRJ7VTHCY5AZK24G4QGX36RLUDTDKE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OA4WVFN5FYPIXAPLWZI6N425JHHDSWAZ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-19790

reference_url

https://seclists.org/bugtraq/2019/May/21

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/May/21

reference_url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http

reference_url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227095826/http://www.securityfocus.com/bid/106249

reference_url

https://www.debian.org/security/2019/dsa-4441

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2019/dsa-4441

reference_url

http://www.securityfocus.com/bid/106249

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106249

reference_url

https://symfony.com/cve-2018-19790

reference_id

CVE-2018-19790

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2018-19790

fixed_packages

url pkg:composer/symfony/security-http@2.7.50

purl pkg:composer/symfony/security-http@2.7.50

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.7.50

url pkg:composer/symfony/security-http@2.8.49

purl pkg:composer/symfony/security-http@2.8.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@2.8.49

url pkg:composer/symfony/security-http@3.4.20

purl pkg:composer/symfony/security-http@3.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.20

url pkg:composer/symfony/security-http@4.0.15

purl pkg:composer/symfony/security-http@4.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.15

url pkg:composer/symfony/security-http@4.1.9

purl pkg:composer/symfony/security-http@4.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.1.9

url pkg:composer/symfony/security-http@4.2.1

purl pkg:composer/symfony/security-http@4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-kktw-gsen-jyd8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.1

aliases CVE-2018-19790, GHSA-89r2-5g34-2g47

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mew1-9shg-mugs

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.1

Package Instance