VulnerableCode Package Details - pkg:composer/symfony/security-csrf@3.2.0-alpha0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/security-csrf@3.2.0-alpha0

purl	pkg:composer/symfony/security-csrf@3.2.0-alpha0
Tags	Ghost

Next non-vulnerable version	3.4.11
Latest non-vulnerable version	4.0.11
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-t2dx-5us4-mkf1 Aliases: CVE-2017-16653 GHSA-92x6-h2gr-8gxq	Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.	3.2.14 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.3.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.4.0-BETA5 Affected by 0 other vulnerabilities. 4.0.0-BETA5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-t2dx-5us4-mkf1
Aliases:
CVE-2017-16653
GHSA-92x6-h2gr-8gxq

Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.

3.2.14
Affected by 1 other vulnerability.

3.3.13
Affected by 1 other vulnerability.

3.4.0-BETA5
Affected by 0 other vulnerabilities.

4.0.0-BETA5
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:47:55.189340+00:00	GitLab Importer	Affected by	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.0.0