Search for packages
| purl | pkg:composer/symfony/symfony@2.8.0-alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-72pa-a6sv-fyg6
Aliases: CVE-2016-2403 GHSA-wvj5-r78r-hhfq |
Unauthorized access on a misconfigured LDAP server There's a flaw in `LdapBindAuthenticationProvider` that allows for an unauthorized access on a misconfigured LDAP server when using an empty password. Applications are affected only if they use the LDAP authentication provider. |
Affected by 30 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-nsk8-bk5e-tbfh
Aliases: CVE-2016-4423 GHSA-whgv-8cg3-7hcm |
CVE-2016-4423: Large username storage in session The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. |
Affected by 30 other vulnerabilities. Affected by 26 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:10.866567+00:00 | GitLab Importer | Affected by | VCID-72pa-a6sv-fyg6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-2403.yml | 38.0.0 |
| 2026-04-01T12:47:03.916459+00:00 | GitLab Importer | Affected by | VCID-nsk8-bk5e-tbfh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-4423.yml | 38.0.0 |