VulnerableCode Package Details - pkg:composer/symfony/security-http@2.7.50

Search for packages

Vulnerability	Summary	Fixed by
VCID-bdhj-np35-sybt Aliases: CVE-2023-46734 GHSA-q847-2q57-wmr3	Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.	5.0.0-BETA1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.4.31 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bpkv-qrmp-huac Aliases: CVE-2019-10911 GHSA-cchx-mfrc-fwqr	Improper Authentication In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.	2.7.51 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.50 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.26 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.1.12 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.2.7 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v4rq-bsry-puct Aliases: CVE-2024-36611 GHSA-7q22-x757-cmgc	Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.	7.1.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bdhj-np35-sybt
Aliases:
CVE-2023-46734
GHSA-q847-2q57-wmr3

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

5.0.0-BETA1
Affected by 1 other vulnerability.

5.4.31
Affected by 2 other vulnerabilities.

6.3.8
Affected by 2 other vulnerabilities.

VCID-bpkv-qrmp-huac
Aliases:
CVE-2019-10911
GHSA-cchx-mfrc-fwqr

Improper Authentication In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.

2.7.51
Affected by 2 other vulnerabilities.

2.8.50
Affected by 3 other vulnerabilities.

3.4.26
Affected by 3 other vulnerabilities.

4.1.12
Affected by 5 other vulnerabilities.

4.2.7
Affected by 4 other vulnerabilities.

VCID-v4rq-bsry-puct
Aliases:
CVE-2024-36611
GHSA-7q22-x757-cmgc

Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

7.1.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-v81g-hqja-hue2	URL Redirection to Untrusted Site (Open Redirect) By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.	CVE-2018-19790 GHSA-89r2-5g34-2g47

Vulnerability

Summary

Aliases

VCID-v81g-hqja-hue2

URL Redirection to Untrusted Site (Open Redirect) By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.

CVE-2018-19790
GHSA-89r2-5g34-2g47

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T00:34:30.472113+00:00	GitLab Importer	Affected by	VCID-v4rq-bsry-puct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.3.0
2026-04-12T00:02:34.380173+00:00	GitLab Importer	Affected by	VCID-bdhj-np35-sybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.3.0
2026-04-11T22:05:22.897290+00:00	GitLab Importer	Affected by	VCID-bpkv-qrmp-huac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2019-10911.yml	38.3.0
2026-04-11T22:01:19.732393+00:00	GitLab Importer	Fixing	VCID-v81g-hqja-hue2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2018-19790.yml	38.3.0
2026-04-04T14:30:12.066753+00:00	GHSA Importer	Fixing	VCID-v81g-hqja-hue2	https://github.com/advisories/GHSA-89r2-5g34-2g47	38.1.0
2026-04-03T00:42:14.931829+00:00	GitLab Importer	Affected by	VCID-v4rq-bsry-puct	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.1.0
2026-04-03T00:05:33.830650+00:00	GitLab Importer	Affected by	VCID-bdhj-np35-sybt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.1.0
2026-04-02T22:18:14.922553+00:00	GitLab Importer	Affected by	VCID-bpkv-qrmp-huac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2019-10911.yml	38.1.0
2026-04-02T22:14:22.510555+00:00	GitLab Importer	Fixing	VCID-v81g-hqja-hue2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2018-19790.yml	38.1.0
2026-04-01T16:35:55.658089+00:00	GitLab Importer	Affected by	VCID-bpkv-qrmp-huac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2019-10911.yml	38.0.0
2026-04-01T13:11:42.123076+00:00	GithubOSV Importer	Fixing	VCID-v81g-hqja-hue2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-89r2-5g34-2g47/GHSA-89r2-5g34-2g47.json	38.0.0
2026-04-01T12:48:11.685844+00:00	GitLab Importer	Fixing	VCID-v81g-hqja-hue2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2018-19790.yml	38.0.0