Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/security-http@2.8.0-alpha0
purl pkg:composer/symfony/security-http@2.8.0-alpha0
Next non-vulnerable version 2.8.6
Latest non-vulnerable version 6.3.8
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-djnm-e9r4-c3f5
Aliases:
CVE-2017-16652
`DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
2.8.31
Affected by 0 other vulnerabilities.
3.2.14
Affected by 0 other vulnerabilities.
3.3.13
Affected by 0 other vulnerabilities.
3.4.0-BETA5
Affected by 0 other vulnerabilities.
4.0.0-BETA5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:37:53.943637+00:00 GitLab Importer Affected by VCID-djnm-e9r4-c3f5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2017-16652.yml 38.6.0