Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/security-bundle@3.4.0-BETA2
purl pkg:composer/symfony/security-bundle@3.4.0-BETA2
Next non-vulnerable version 3.4.11
Latest non-vulnerable version 7.1.3
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-ef86-hqv4-6kaz
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg
Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
3.4.11
Affected by 0 other vulnerabilities.
4.0.11
Affected by 0 other vulnerabilities.
VCID-tx26-92jc-rkff
Aliases:
CVE-2018-11408
GHSA-7hwc-2cq4-6x2w
URL Redirection to Untrusted Site (Open Redirect) The security handlers in the Security component in Symfony have an Open redirect vulnerability when `security.http_utils` is inlined by a container.
3.4.11
Affected by 0 other vulnerabilities.
4.0.11
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:13:14.711261+00:00 GitLab Importer Affected by VCID-ef86-hqv4-6kaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2018-11406.yml 38.6.0
2026-06-04T20:13:11.291476+00:00 GitLab Importer Affected by VCID-tx26-92jc-rkff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2018-11408.yml 38.6.0