VulnerableCode Package Details - pkg:composer/symfony/security-http@2.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/symfony/security-http@2.3.0

Essentials
History (1)

purl	pkg:composer/symfony/security-http@2.3.0
Tags	Ghost

Next non-vulnerable version	7.1.8
Latest non-vulnerable version	7.2.0-BETA1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-nsk8-bk5e-tbfh Aliases: CVE-2016-4423 GHSA-whgv-8cg3-7hcm	CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.	2.3.41 Affected by 0 other vulnerabilities. 2.7.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.6 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.6 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-nsk8-bk5e-tbfh
Aliases:
CVE-2016-4423
GHSA-whgv-8cg3-7hcm

CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

2.3.41
Affected by 0 other vulnerabilities.

2.7.13
Affected by 6 other vulnerabilities.

2.8.6
Affected by 8 other vulnerabilities.

3.0.6
Affected by 7 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:35.761970+00:00	GHSA Importer	Affected by	VCID-nsk8-bk5e-tbfh	https://github.com/advisories/GHSA-whgv-8cg3-7hcm	38.1.0