Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/symfony/security@2.7.38
purl pkg:composer/symfony/security@2.7.38
Next non-vulnerable version 2.7.51
Latest non-vulnerable version 4.4.24
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-556v-rym3-6yax
Aliases:
CVE-2018-11406
GHSA-g4g7-q726-v5hg
Cross-Site Request Forgery (CSRF) By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the `invalidate_session` option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
2.7.48
Affected by 5 other vulnerabilities.
2.8.41
Affected by 3 other vulnerabilities.
3.3.17
Affected by 6 other vulnerabilities.
3.4.11
Affected by 3 other vulnerabilities.
4.0.11
Affected by 3 other vulnerabilities.
VCID-71vh-7wte-kfcx
Aliases:
CVE-2018-11385
GHSA-g4rg-rw65-8hfg
Session Fixation A session fixation vulnerability within the `Guard` login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
2.7.48
Affected by 5 other vulnerabilities.
2.8.41
Affected by 3 other vulnerabilities.
3.3.17
Affected by 6 other vulnerabilities.
3.4.11
Affected by 3 other vulnerabilities.
4.0.11
Affected by 3 other vulnerabilities.
VCID-bpkv-qrmp-huac
Aliases:
CVE-2019-10911
GHSA-cchx-mfrc-fwqr
Improper Authentication In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
2.7.51
Affected by 0 other vulnerabilities.
2.8.50
Affected by 1 other vulnerability.
3.4.26
Affected by 1 other vulnerability.
4.1.12
Affected by 2 other vulnerabilities.
4.2.7
Affected by 1 other vulnerability.
VCID-nsk8-bk5e-tbfh
Aliases:
CVE-2016-4423
GHSA-whgv-8cg3-7hcm
CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
2.8.6
Affected by 8 other vulnerabilities.
3.0.6
Affected by 8 other vulnerabilities.
VCID-v81g-hqja-hue2
Aliases:
CVE-2018-19790
GHSA-89r2-5g34-2g47
URL Redirection to Untrusted Site (Open Redirect) By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login.
2.7.50
Affected by 1 other vulnerability.
2.8.49
Affected by 2 other vulnerabilities.
3.4.19
Affected by 2 other vulnerabilities.
4.0.15
Affected by 2 other vulnerabilities.
4.1.9
Affected by 2 other vulnerabilities.
4.2.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-mm7e-kb6c-vucx `DefaultAuthenticationSuccessHandler` or `DefaultAuthenticationFailureHandler` take the content of the `_target_path` parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks. CVE-2017-16652
GHSA-r7p7-qr7p-2rrf
VCID-t2dx-5us4-mkf1 Cross-Site Request Forgery (CSRF) The current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS. CVE-2017-16653
GHSA-92x6-h2gr-8gxq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:54:28.368137+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.4.0
2026-04-16T20:50:38.049039+00:00 GitLab Importer Affected by VCID-v81g-hqja-hue2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-19790.yml 38.4.0
2026-04-16T20:47:05.956519+00:00 GitLab Importer Fixing VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.4.0
2026-04-16T20:45:31.427594+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.4.0
2026-04-16T20:45:30.226004+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.4.0
2026-04-16T20:45:24.519986+00:00 GitLab Importer Fixing VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.4.0
2026-04-16T20:34:06.845224+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.4.0
2026-04-11T22:05:26.852389+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.3.0
2026-04-11T22:01:16.891708+00:00 GitLab Importer Affected by VCID-v81g-hqja-hue2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-19790.yml 38.3.0
2026-04-11T21:57:57.291661+00:00 GitLab Importer Fixing VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.3.0
2026-04-11T21:56:18.396020+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.3.0
2026-04-11T21:56:17.006540+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.3.0
2026-04-11T21:56:10.585096+00:00 GitLab Importer Fixing VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.3.0
2026-04-11T21:44:34.358945+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.3.0
2026-04-04T14:30:31.709653+00:00 GHSA Importer Fixing VCID-mm7e-kb6c-vucx https://github.com/advisories/GHSA-r7p7-qr7p-2rrf 38.1.0
2026-04-04T14:30:12.804453+00:00 GHSA Importer Affected by VCID-v81g-hqja-hue2 https://github.com/advisories/GHSA-89r2-5g34-2g47 38.1.0
2026-04-02T22:18:18.311760+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.1.0
2026-04-02T22:14:19.921596+00:00 GitLab Importer Affected by VCID-v81g-hqja-hue2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-19790.yml 38.1.0
2026-04-02T22:11:18.263420+00:00 GitLab Importer Fixing VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.1.0
2026-04-02T22:09:42.488963+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.1.0
2026-04-02T22:09:41.269109+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.1.0
2026-04-02T22:09:35.661242+00:00 GitLab Importer Fixing VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.1.0
2026-04-02T21:58:39.072598+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.1.0
2026-04-01T16:35:59.469369+00:00 GitLab Importer Affected by VCID-bpkv-qrmp-huac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2019-10911.yml 38.0.0
2026-04-01T16:26:59.415427+00:00 GitLab Importer Affected by VCID-71vh-7wte-kfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11385.yml 38.0.0
2026-04-01T16:26:57.994201+00:00 GitLab Importer Affected by VCID-556v-rym3-6yax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-11406.yml 38.0.0
2026-04-01T16:15:54.569743+00:00 GitLab Importer Affected by VCID-nsk8-bk5e-tbfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 38.0.0
2026-04-01T16:01:39.780710+00:00 GHSA Importer Fixing VCID-t2dx-5us4-mkf1 https://github.com/advisories/GHSA-92x6-h2gr-8gxq 38.0.0
2026-04-01T13:11:14.191204+00:00 GithubOSV Importer Fixing VCID-mm7e-kb6c-vucx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r7p7-qr7p-2rrf/GHSA-r7p7-qr7p-2rrf.json 38.0.0
2026-04-01T13:07:41.436204+00:00 GithubOSV Importer Fixing VCID-t2dx-5us4-mkf1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-92x6-h2gr-8gxq/GHSA-92x6-h2gr-8gxq.json 38.0.0
2026-04-01T12:48:11.374716+00:00 GitLab Importer Affected by VCID-v81g-hqja-hue2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2018-19790.yml 38.0.0
2026-04-01T12:47:55.420595+00:00 GitLab Importer Fixing VCID-t2dx-5us4-mkf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16653.yml 38.0.0
2026-04-01T12:47:47.577912+00:00 GitLab Importer Fixing VCID-mm7e-kb6c-vucx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2017-16652.yml 38.0.0