VulnerableCode Package Details - pkg:composer/symfony/security-http@2.6.12

Search for packages

Vulnerability	Summary	Fixed by
VCID-bdhj-np35-sybt Aliases: CVE-2023-46734 GHSA-q847-2q57-wmr3	Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.	5.0.0-BETA1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.4.31 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nsk8-bk5e-tbfh Aliases: CVE-2016-4423 GHSA-whgv-8cg3-7hcm	CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.	2.7.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.6 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.6 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v4rq-bsry-puct Aliases: CVE-2024-36611 GHSA-7q22-x757-cmgc	Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.	7.1.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bdhj-np35-sybt
Aliases:
CVE-2023-46734
GHSA-q847-2q57-wmr3

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

5.0.0-BETA1
Affected by 1 other vulnerability.

5.4.31
Affected by 2 other vulnerabilities.

6.3.8
Affected by 2 other vulnerabilities.

VCID-nsk8-bk5e-tbfh
Aliases:
CVE-2016-4423
GHSA-whgv-8cg3-7hcm

CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.

2.7.13
Affected by 6 other vulnerabilities.

2.8.6
Affected by 8 other vulnerabilities.

3.0.6
Affected by 7 other vulnerabilities.

VCID-v4rq-bsry-puct
Aliases:
CVE-2024-36611
GHSA-7q22-x757-cmgc

Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

7.1.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-5u5z-qzg2-sbhg	Information Exposure Through Timing Discrepancy Symfony allows remote attackers to have unspecified impact via a timing attack.	CVE-2015-8125 GHSA-g97c-jfx6-xvxh
VCID-fy39-ys3p-5ucm	Session Fixation Session fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.	CVE-2015-8124 GHSA-j5jh-hpr4-h332

Vulnerability

Summary

Aliases

VCID-5u5z-qzg2-sbhg

Information Exposure Through Timing Discrepancy Symfony allows remote attackers to have unspecified impact via a timing attack.

CVE-2015-8125
GHSA-g97c-jfx6-xvxh

VCID-fy39-ys3p-5ucm

Session Fixation Session fixation vulnerability in the `Remember Me` login feature in Symfony allows remote attackers to hijack web sessions via a session id.

CVE-2015-8124
GHSA-j5jh-hpr4-h332

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:15:50.452653+00:00	GitLab Importer	Affected by	VCID-v4rq-bsry-puct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.4.0
2026-04-16T22:43:01.055008+00:00	GitLab Importer	Affected by	VCID-bdhj-np35-sybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.4.0
2026-04-16T20:34:08.008820+00:00	GitLab Importer	Affected by	VCID-nsk8-bk5e-tbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2016-4423.yml	38.4.0
2026-04-16T20:33:06.060889+00:00	GitLab Importer	Fixing	VCID-fy39-ys3p-5ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8124.yml	38.4.0
2026-04-16T20:33:04.799281+00:00	GitLab Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8125.yml	38.4.0
2026-04-12T00:34:30.262506+00:00	GitLab Importer	Affected by	VCID-v4rq-bsry-puct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.3.0
2026-04-12T00:02:34.163386+00:00	GitLab Importer	Affected by	VCID-bdhj-np35-sybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.3.0
2026-04-11T21:44:35.680070+00:00	GitLab Importer	Affected by	VCID-nsk8-bk5e-tbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2016-4423.yml	38.3.0
2026-04-11T21:43:29.488560+00:00	GitLab Importer	Fixing	VCID-fy39-ys3p-5ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8124.yml	38.3.0
2026-04-11T21:43:28.111799+00:00	GitLab Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8125.yml	38.3.0
2026-04-04T14:31:28.692350+00:00	GHSA Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://github.com/advisories/GHSA-g97c-jfx6-xvxh	38.1.0
2026-04-04T14:30:47.546125+00:00	GHSA Importer	Fixing	VCID-fy39-ys3p-5ucm	https://github.com/advisories/GHSA-j5jh-hpr4-h332	38.1.0
2026-04-03T00:42:14.733212+00:00	GitLab Importer	Affected by	VCID-v4rq-bsry-puct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.1.0
2026-04-03T00:05:33.629718+00:00	GitLab Importer	Affected by	VCID-bdhj-np35-sybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.1.0
2026-04-02T21:58:40.227260+00:00	GitLab Importer	Affected by	VCID-nsk8-bk5e-tbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2016-4423.yml	38.1.0
2026-04-02T21:57:37.229704+00:00	GitLab Importer	Fixing	VCID-fy39-ys3p-5ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8124.yml	38.1.0
2026-04-02T21:57:35.985313+00:00	GitLab Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8125.yml	38.1.0
2026-04-01T16:15:55.840458+00:00	GitLab Importer	Affected by	VCID-nsk8-bk5e-tbfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2016-4423.yml	38.0.0
2026-04-01T13:08:57.814826+00:00	GithubOSV Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g97c-jfx6-xvxh/GHSA-g97c-jfx6-xvxh.json	38.0.0
2026-04-01T13:08:13.838365+00:00	GithubOSV Importer	Fixing	VCID-fy39-ys3p-5ucm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j5jh-hpr4-h332/GHSA-j5jh-hpr4-h332.json	38.0.0
2026-04-01T12:46:59.698912+00:00	GitLab Importer	Fixing	VCID-fy39-ys3p-5ucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8124.yml	38.0.0
2026-04-01T12:46:59.614303+00:00	GitLab Importer	Fixing	VCID-5u5z-qzg2-sbhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2015-8125.yml	38.0.0