Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/serializer@5.4.31
Typecomposer
Namespacesymfony
Nameserializer
Version5.4.31
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version6.3.8
Latest_non_vulnerable_version6.3.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7hh3-16j3-4yaf
vulnerability_id VCID-7hh3-16j3-4yaf
summary 
Symfony possible session fixation vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier does not change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46733
reference_id
reference_type
scores
0
value 0.01058
scoring_system epss
scoring_elements 0.77568
published_at 2026-04-02T12:55:00Z
1
value 0.01058
scoring_system epss
scoring_elements 0.77612
published_at 2026-04-09T12:55:00Z
2
value 0.01058
scoring_system epss
scoring_elements 0.77605
published_at 2026-04-08T12:55:00Z
3
value 0.01058
scoring_system epss
scoring_elements 0.77575
published_at 2026-04-07T12:55:00Z
4
value 0.01058
scoring_system epss
scoring_elements 0.77595
published_at 2026-04-04T12:55:00Z
5
value 0.01058
scoring_system epss
scoring_elements 0.77659
published_at 2026-04-16T12:55:00Z
6
value 0.01058
scoring_system epss
scoring_elements 0.77621
published_at 2026-04-13T12:55:00Z
7
value 0.01058
scoring_system epss
scoring_elements 0.77623
published_at 2026-04-12T12:55:00Z
8
value 0.01058
scoring_system epss
scoring_elements 0.77639
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46733
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9
3
reference_url https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775
reference_id 1055775
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46733
reference_id CVE-2023-46733
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46733
6
reference_url https://symfony.com/cve-2023-46733
reference_id CVE-2023-46733
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46733
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml
reference_id CVE-2023-46733.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml
8
reference_url https://github.com/advisories/GHSA-m2wj-r6g3-fxfx
reference_id GHSA-m2wj-r6g3-fxfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2wj-r6g3-fxfx
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx
reference_id GHSA-m2wj-r6g3-fxfx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx
fixed_packages
0
url pkg:composer/symfony/serializer@5.4.31
purl pkg:composer/symfony/serializer@5.4.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.4.31
1
url pkg:composer/symfony/serializer@6.3.8
purl pkg:composer/symfony/serializer@6.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@6.3.8
aliases CVE-2023-46733, GHSA-m2wj-r6g3-fxfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hh3-16j3-4yaf
1
url VCID-bdhj-np35-sybt
vulnerability_id VCID-bdhj-np35-sybt
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02089
scoring_system epss
scoring_elements 0.83967
published_at 2026-04-02T12:55:00Z
1
value 0.02089
scoring_system epss
scoring_elements 0.84016
published_at 2026-04-09T12:55:00Z
2
value 0.02089
scoring_system epss
scoring_elements 0.8401
published_at 2026-04-08T12:55:00Z
3
value 0.02089
scoring_system epss
scoring_elements 0.83986
published_at 2026-04-07T12:55:00Z
4
value 0.02089
scoring_system epss
scoring_elements 0.83982
published_at 2026-04-04T12:55:00Z
5
value 0.02089
scoring_system epss
scoring_elements 0.84045
published_at 2026-04-16T12:55:00Z
6
value 0.02089
scoring_system epss
scoring_elements 0.84021
published_at 2026-04-13T12:55:00Z
7
value 0.02089
scoring_system epss
scoring_elements 0.84025
published_at 2026-04-12T12:55:00Z
8
value 0.02089
scoring_system epss
scoring_elements 0.84032
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/serializer@5.0.0-BETA1
purl pkg:composer/symfony/serializer@5.0.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.0.0-BETA1
1
url pkg:composer/symfony/serializer@5.4.31
purl pkg:composer/symfony/serializer@5.4.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.4.31
2
url pkg:composer/symfony/serializer@6.3.8
purl pkg:composer/symfony/serializer@6.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdhj-np35-sybt
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/serializer@5.4.31