VulnerableCode Package Details - pkg:composer/symfony/security-csrf@3.2.14

Search for packages

Vulnerability	Summary	Fixed by
VCID-556v-rym3-6yax Aliases: CVE-2018-11406 GHSA-g4g7-q726-v5hg	Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.	3.4.11 Affected by 0 other vulnerabilities. 4.0.11 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-556v-rym3-6yax
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg

Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.

3.4.11
Affected by 0 other vulnerabilities.

4.0.11
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-t2dx-5us4-mkf1	Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.	CVE-2017-16653 GHSA-92x6-h2gr-8gxq

Vulnerability

Summary

Aliases

VCID-t2dx-5us4-mkf1

Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.

CVE-2017-16653
GHSA-92x6-h2gr-8gxq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T21:57:55.421307+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.3.0
2026-04-11T21:56:19.585015+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.3.0
2026-04-02T22:11:16.597350+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.1.0
2026-04-02T22:09:43.576587+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.1.0
2026-04-01T16:27:00.856783+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2018-11406.yml	38.0.0
2026-04-01T16:01:39.715649+00:00	GHSA Importer	Fixing	VCID-t2dx-5us4-mkf1	https://github.com/advisories/GHSA-92x6-h2gr-8gxq	38.0.0
2026-04-01T13:07:41.385446+00:00	GithubOSV Importer	Fixing	VCID-t2dx-5us4-mkf1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92x6-h2gr-8gxq/GHSA-92x6-h2gr-8gxq.json	38.0.0
2026-04-01T12:47:55.255400+00:00	GitLab Importer	Fixing	VCID-t2dx-5us4-mkf1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml	38.0.0