VulnerableCode Package Details - pkg:composer/symfony/security-bundle@5.3.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-kqcd-f4vt-r7g8 Aliases: CVE-2021-41268 GHSA-qw36-p97w-vcqr	Session Fixation `Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.	5.3.12 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.4.0-BETA1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-thtp-ehsj-t3ej Aliases: CVE-2022-24895 GHSA-3gv2-29qc-v67m GMS-2023-210 GMS-2023-211	Duplicate This advisory duplicates another.	5.4.20 Affected by 0 other vulnerabilities. 6.0.20 Affected by 0 other vulnerabilities. 6.1.12 Affected by 0 other vulnerabilities. 6.2.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-kqcd-f4vt-r7g8
Aliases:
CVE-2021-41268
GHSA-qw36-p97w-vcqr

Session Fixation `Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.

5.3.12
Affected by 1 other vulnerability.

5.4.0-BETA1
Affected by 1 other vulnerability.

VCID-thtp-ehsj-t3ej
Aliases:
CVE-2022-24895
GHSA-3gv2-29qc-v67m
GMS-2023-210
GMS-2023-211

Duplicate This advisory duplicates another.

5.4.20
Affected by 0 other vulnerabilities.

6.0.20
Affected by 0 other vulnerabilities.

6.1.12
Affected by 0 other vulnerabilities.

6.2.6
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T23:38:55.193972+00:00	GitLab Importer	Affected by	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.3.0
2026-04-11T22:48:54.278081+00:00	GitLab Importer	Affected by	VCID-kqcd-f4vt-r7g8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2021-41268.yml	38.3.0
2026-04-02T23:43:09.198302+00:00	GitLab Importer	Affected by	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.1.0
2026-04-02T22:58:26.888778+00:00	GitLab Importer	Affected by	VCID-kqcd-f4vt-r7g8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2021-41268.yml	38.1.0
2026-04-01T18:05:59.503541+00:00	GitLab Importer	Affected by	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.0.0
2026-04-01T17:17:02.189715+00:00	GitLab Importer	Affected by	VCID-kqcd-f4vt-r7g8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2021-41268.yml	38.0.0