VulnerableCode Package Details - pkg:composer/symfony/security-csrf@3.2.0-alpha0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/security-csrf@3.2.0-alpha0

purl	pkg:composer/symfony/security-csrf@3.2.0-alpha0

Next non-vulnerable version	3.2.14
Latest non-vulnerable version	4.0.11
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-dsbx-q641-4fc7 Aliases: CVE-2017-16653	Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.	3.2.14 Affected by 0 other vulnerabilities. 3.3.13 Affected by 0 other vulnerabilities. 3.4.0-BETA5 Affected by 0 other vulnerabilities. 4.0.0-BETA5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dsbx-q641-4fc7
Aliases:
CVE-2017-16653

Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.

3.2.14
Affected by 0 other vulnerabilities.

3.3.13
Affected by 0 other vulnerabilities.

3.4.0-BETA5
Affected by 0 other vulnerabilities.

4.0.0-BETA5
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:38:09.688621+00:00	GitLab Importer	Affected by	VCID-dsbx-q641-4fc7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.6.0