VulnerableCode Package Details - pkg:composer/symfony/security-http@4.0.0-BETA4

Search for packages

Vulnerability	Summary	Fixed by
VCID-4f9e-eg67-cqbr Aliases: CVE-2023-46734 GHSA-q847-2q57-wmr3	Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.	5.0.0-BETA1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.4.31 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 6.3.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rfnv-6wry-z7f1 Aliases: CVE-2024-36611 GHSA-7q22-x757-cmgc	Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.	7.1.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4f9e-eg67-cqbr
Aliases:
CVE-2023-46734
GHSA-q847-2q57-wmr3

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

5.0.0-BETA1
Affected by 1 other vulnerability.

5.4.31
Affected by 2 other vulnerabilities.

6.3.8
Affected by 2 other vulnerabilities.

VCID-rfnv-6wry-z7f1
Aliases:
CVE-2024-36611
GHSA-7q22-x757-cmgc

Withdrawn Advisory: Symfony http-security has authentication bypass ## Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. ## Original Description In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

7.1.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:32:59.577579+00:00	GitLab Importer	Affected by	VCID-rfnv-6wry-z7f1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml	38.6.0
2026-06-06T04:18:48.163260+00:00	GitLab Importer	Affected by	VCID-4f9e-eg67-cqbr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml	38.6.0

2026-06-06T05:32:59.577579+00:00

GitLab Importer

Affected by

VCID-rfnv-6wry-z7f1

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2024-36611.yml

38.6.0

2026-06-06T04:18:48.163260+00:00

GitLab Importer

Affected by

VCID-4f9e-eg67-cqbr

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2023-46734.yml

38.6.0

Next non-vulnerable version	5.4.52
Latest non-vulnerable version	8.0.12
Risk	3.4