Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-http@5.3.0
Typecomposer
Namespacesymfony
Namesecurity-http
Version5.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.4.52
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-4f9e-eg67-cqbr
vulnerability_id VCID-4f9e-eg67-cqbr
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02588
scoring_system epss
scoring_elements 0.85888
published_at 2026-06-06T12:55:00Z
1
value 0.02588
scoring_system epss
scoring_elements 0.85886
published_at 2026-06-05T12:55:00Z
2
value 0.02588
scoring_system epss
scoring_elements 0.85884
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.31
purl pkg:composer/symfony/security-http@5.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r7t3-q914-yuay
1
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.31
1
url pkg:composer/symfony/security-http@6.3.8
purl pkg:composer/symfony/security-http@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r7t3-q914-yuay
1
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr
1
url VCID-gjcx-wmhp-fqef
vulnerability_id VCID-gjcx-wmhp-fqef
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
`Symfony/Http-Kernel` is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the `trusted_headers` allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the `trusted_headers` allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
reference_id
reference_type
scores
0
value 0.00462
scoring_system epss
scoring_elements 0.64548
published_at 2026-06-05T12:55:00Z
1
value 0.00462
scoring_system epss
scoring_elements 0.64545
published_at 2026-06-07T12:55:00Z
2
value 0.00462
scoring_system epss
scoring_elements 0.64557
published_at 2026-06-06T12:55:00Z
3
value 0.00462
scoring_system epss
scoring_elements 0.64506
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41267
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2021-41267.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41267.yaml
3
reference_url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487
4
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
5
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
6
reference_url https://symfony.com/cve-2021-41267
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41267
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
reference_id CVE-2021-41267
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41267
8
reference_url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3j3-w37x-hq2q
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
reference_id GHSA-q3j3-w37x-hq2q
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.0-BETA1
purl pkg:composer/symfony/security-http@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-r7t3-q914-yuay
2
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0-BETA1
1
url pkg:composer/symfony/security-http@5.4.0
purl pkg:composer/symfony/security-http@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-r7t3-q914-yuay
2
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0
aliases CVE-2021-41267, GHSA-q3j3-w37x-hq2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjcx-wmhp-fqef
2
url VCID-maa6-3dqx-mycm
vulnerability_id VCID-maa6-3dqx-mycm
summary 
Session Fixation
`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.65214
published_at 2026-06-04T12:55:00Z
1
value 0.00476
scoring_system epss
scoring_elements 0.65254
published_at 2026-06-07T12:55:00Z
2
value 0.00476
scoring_system epss
scoring_elements 0.65267
published_at 2026-06-06T12:55:00Z
3
value 0.00476
scoring_system epss
scoring_elements 0.65256
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
5
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
6
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
7
reference_url https://symfony.com/cve-2021-41268
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41268
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
reference_id CVE-2021-41268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
9
reference_url https://github.com/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw36-p97w-vcqr
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.0-BETA1
purl pkg:composer/symfony/security-http@5.4.0-BETA1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-r7t3-q914-yuay
2
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0-BETA1
1
url pkg:composer/symfony/security-http@5.4.0
purl pkg:composer/symfony/security-http@5.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-r7t3-q914-yuay
2
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.0
aliases CVE-2021-41268, GHSA-qw36-p97w-vcqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-maa6-3dqx-mycm
3
url VCID-p8rt-zb6p-9kfn
vulnerability_id VCID-p8rt-zb6p-9kfn
summary 
Improper Authentication
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting, a patch ensures that the authenticated token is only available for the firewall that generates it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32693
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44325
published_at 2026-06-04T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44378
published_at 2026-06-07T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.44402
published_at 2026-06-06T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44393
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32693
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-32693.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-32693.yaml
3
reference_url https://github.com/symfony/security-http
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/security-http
4
reference_url https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
5
reference_url https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
6
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
7
reference_url https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
8
reference_url https://symfony.com/cve-2021-32693
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-32693
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32693
reference_id CVE-2021-32693
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32693
10
reference_url https://github.com/advisories/GHSA-rfcf-m67m-jcrq
reference_id GHSA-rfcf-m67m-jcrq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfcf-m67m-jcrq
fixed_packages
0
url pkg:composer/symfony/security-http@5.3.2
purl pkg:composer/symfony/security-http@5.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-gjcx-wmhp-fqef
2
vulnerability VCID-maa6-3dqx-mycm
3
vulnerability VCID-r7t3-q914-yuay
4
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.3.2
1
url pkg:composer/symfony/security-http@6.1.0-RC1
purl pkg:composer/symfony/security-http@6.1.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f9e-eg67-cqbr
1
vulnerability VCID-r4d5-zcex-sbee
2
vulnerability VCID-r7t3-q914-yuay
3
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.1.0-RC1
aliases CVE-2021-32693, GHSA-rfcf-m67m-jcrq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p8rt-zb6p-9kfn
4
url VCID-r7t3-q914-yuay
vulnerability_id VCID-r7t3-q914-yuay
summary 
Symfony has an Authentication Bypass via RememberMe
When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25247
published_at 2026-06-07T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25297
published_at 2026-06-06T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25313
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
reference_id CVE-2024-51996
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
4
reference_url https://symfony.com/cve-2024-51996
reference_id CVE-2024-51996
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-51996
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
reference_id CVE-2024-51996.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
reference_id CVE-2024-51996.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
7
reference_url https://github.com/advisories/GHSA-cg23-qf8f-62rr
reference_id GHSA-cg23-qf8f-62rr
reference_type
scores
url https://github.com/advisories/GHSA-cg23-qf8f-62rr
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
reference_id GHSA-cg23-qf8f-62rr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@5.4.47
purl pkg:composer/symfony/security-http@5.4.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.47
1
url pkg:composer/symfony/security-http@6.4.15
purl pkg:composer/symfony/security-http@6.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.4.15
2
url pkg:composer/symfony/security-http@7.1.8
purl pkg:composer/symfony/security-http@7.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.8
3
url pkg:composer/symfony/security-http@7.2.0-BETA1
purl pkg:composer/symfony/security-http@7.2.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.2.0-BETA1
aliases CVE-2024-51996, GHSA-cg23-qf8f-62rr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7t3-q914-yuay
5
url VCID-rfnv-6wry-z7f1
vulnerability_id VCID-rfnv-6wry-z7f1
summary 
Withdrawn Advisory: Symfony http-security has authentication bypass
## Withdrawn Advisory
This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.

## Original Description
In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26648
published_at 2026-06-07T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26687
published_at 2026-06-06T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26697
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
2
reference_url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
3
reference_url https://github.com/github/advisory-database/pull/5046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/github/advisory-database/pull/5046
4
reference_url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
5
reference_url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
6
reference_url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
reference_id 1088817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
reference_id CVE-2024-36611
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
9
reference_url https://github.com/advisories/GHSA-7q22-x757-cmgc
reference_id GHSA-7q22-x757-cmgc
reference_type
scores
url https://github.com/advisories/GHSA-7q22-x757-cmgc
fixed_packages
0
url pkg:composer/symfony/security-http@7.1.0
purl pkg:composer/symfony/security-http@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jytj-3drn-pbes
1
vulnerability VCID-r7t3-q914-yuay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.0
aliases CVE-2024-36611, GHSA-7q22-x757-cmgc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfnv-6wry-z7f1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.3.0