VulnerableCode Package Details - pkg:composer/symfony/security-csrf@2.7.38

Search for packages

Vulnerability	Summary	Fixed by
VCID-556v-rym3-6yax Aliases: CVE-2018-11406 GHSA-g4g7-q726-v5hg	Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.	2.7.48 Affected by 0 other vulnerabilities. 2.8.41 Affected by 0 other vulnerabilities. 3.4.11 Affected by 0 other vulnerabilities. 4.0.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-556v-rym3-6yax
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg

Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.

2.7.48
Affected by 0 other vulnerabilities.

2.8.41
Affected by 0 other vulnerabilities.

3.4.11
Affected by 0 other vulnerabilities.

4.0.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-t2dx-5us4-mkf1	Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.	CVE-2017-16653 GHSA-92x6-h2gr-8gxq

Vulnerability

Summary

Aliases

VCID-t2dx-5us4-mkf1

Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.

CVE-2017-16653
GHSA-92x6-h2gr-8gxq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T21:57:55.228576+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.3.0
2026-04-11T21:56:19.242089+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.3.0
2026-04-02T22:11:16.429751+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.1.0
2026-04-02T22:09:43.266183+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.1.0
2026-04-01T16:27:00.427951+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.0.0
2026-04-01T16:01:39.913516+00:00	GHSA Importer	Fixing	VCID-t2dx-5us4-mkf1	https://github.com/advisories/GHSA-92x6-h2gr-8gxq	38.0.0
2026-04-01T13:07:41.331445+00:00	GithubOSV Importer	Fixing	VCID-t2dx-5us4-mkf1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92x6-h2gr-8gxq/GHSA-92x6-h2gr-8gxq.json	38.0.0
2026-04-01T12:47:55.250385+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.0.0