VulnerableCode Package Details - pkg:composer/symfony/security@2.1.13

Search for packages

Vulnerability	Summary	Fixed by
VCID-556v-rym3-6yax Aliases: CVE-2018-11406 GHSA-g4g7-q726-v5hg	Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.	2.7.48 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.41 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.3.17 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-71vh-7wte-kfcx Aliases: CVE-2018-11385 GHSA-g4rg-rw65-8hfg	Session Fixation A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.	2.7.48 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.41 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.3.17 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.4.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-556v-rym3-6yax
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg

Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.

2.7.48
Affected by 5 other vulnerabilities.

2.8.41
Affected by 3 other vulnerabilities.

3.3.17
Affected by 6 other vulnerabilities.

3.4.11
Affected by 3 other vulnerabilities.

4.0.11
Affected by 3 other vulnerabilities.

VCID-71vh-7wte-kfcx
Aliases:
CVE-2018-11385
GHSA-g4rg-rw65-8hfg

Session Fixation A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

2.7.48
Affected by 5 other vulnerabilities.

2.8.41
Affected by 3 other vulnerabilities.

3.3.17
Affected by 6 other vulnerabilities.

3.4.11
Affected by 3 other vulnerabilities.

4.0.11
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hzwd-mq3r-qfcb	Uncontrolled Resource Consumption The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.	CVE-2013-5958 GHSA-cr49-fx2v-9p57

Vulnerability

Summary

Aliases

VCID-hzwd-mq3r-qfcb

Uncontrolled Resource Consumption The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

CVE-2013-5958
GHSA-cr49-fx2v-9p57

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:45:30.979066+00:00	GitLab Importer	Affected by	VCID-71vh-7wte-kfcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml	38.4.0
2026-04-16T20:45:29.775180+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml	38.4.0
2026-04-16T20:32:07.229356+00:00	GitLab Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2013-5958.yml	38.4.0
2026-04-11T21:56:17.840399+00:00	GitLab Importer	Affected by	VCID-71vh-7wte-kfcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml	38.3.0
2026-04-11T21:56:16.469654+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml	38.3.0
2026-04-11T21:42:30.642919+00:00	GitLab Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2013-5958.yml	38.3.0
2026-04-04T14:31:39.671032+00:00	GHSA Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://github.com/advisories/GHSA-cr49-fx2v-9p57	38.1.0
2026-04-02T22:09:42.030797+00:00	GitLab Importer	Affected by	VCID-71vh-7wte-kfcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml	38.1.0
2026-04-02T22:09:40.798995+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml	38.1.0
2026-04-02T21:56:39.094887+00:00	GitLab Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2013-5958.yml	38.1.0
2026-04-01T16:26:58.879442+00:00	GitLab Importer	Affected by	VCID-71vh-7wte-kfcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml	38.0.0
2026-04-01T16:26:57.453528+00:00	GitLab Importer	Affected by	VCID-556v-rym3-6yax	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml	38.0.0
2026-04-01T13:11:44.443943+00:00	GithubOSV Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr49-fx2v-9p57/GHSA-cr49-fx2v-9p57.json	38.0.0
2026-04-01T12:46:55.595517+00:00	GitLab Importer	Fixing	VCID-hzwd-mq3r-qfcb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2013-5958.yml	38.0.0