Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/symfony/security-http@3.4.21

Type composer

Namespace symfony

Name security-http

Version 3.4.21

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.4.52

Latest_non_vulnerable_version 8.0.12

Affected_by_vulnerabilities

url VCID-23hr-yznx-c3fb

vulnerability_id VCID-23hr-yznx-c3fb

summary

Improper Authentication
In Symfony, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50897
published_at	2026-06-05T12:55:00Z

value	0.00272
scoring_system	epss
scoring_elements	0.50835
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14773

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10909

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10913

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10911

reference_url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synology.com/security/advisory/Synology_SA_19_19

reference_url

https://symfony.com/cve-2019-10911

reference_id

CVE-2019-10911

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2019-10911

reference_url

https://github.com/advisories/GHSA-cchx-mfrc-fwqr

reference_id

GHSA-cchx-mfrc-fwqr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cchx-mfrc-fwqr

fixed_packages

url pkg:composer/symfony/security-http@3.4.26

purl pkg:composer/symfony/security-http@3.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-p6f7-utd6-eqej

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.26

url pkg:composer/symfony/security-http@4.1.12

purl pkg:composer/symfony/security-http@4.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23hr-yznx-c3fb

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-p6f7-utd6-eqej

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.1.12

url pkg:composer/symfony/security-http@4.2.7

purl pkg:composer/symfony/security-http@4.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-kktw-gsen-jyd8

vulnerability	VCID-p6f7-utd6-eqej

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.2.7

aliases CVE-2019-10911, GHSA-cchx-mfrc-fwqr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23hr-yznx-c3fb

url VCID-4f9e-eg67-cqbr

vulnerability_id VCID-4f9e-eg67-cqbr

summary

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46734

reference_id

reference_type

scores

value	0.02588
scoring_system	epss
scoring_elements	0.85886
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54

reference_url

https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id	1055774
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46734

reference_id

CVE-2023-46734

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46734

reference_url

https://symfony.com/cve-2023-46734

reference_id

CVE-2023-46734

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2023-46734

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml

reference_id

CVE-2023-46734.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml

reference_url	https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id	GHSA-q847-2q57-wmr3
reference_type
scores
url	https://github.com/advisories/GHSA-q847-2q57-wmr3

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3

reference_id

GHSA-q847-2q57-wmr3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/

url

https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3

reference_url	https://usn.ubuntu.com/7272-1/
reference_id	USN-7272-1
reference_type
scores
url	https://usn.ubuntu.com/7272-1/

fixed_packages

url pkg:composer/symfony/security-http@5.0.0-BETA1

purl pkg:composer/symfony/security-http@5.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.0.0-BETA1

url pkg:composer/symfony/security-http@5.4.31

purl pkg:composer/symfony/security-http@5.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r7t3-q914-yuay

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.4.31

url pkg:composer/symfony/security-http@6.3.8

purl pkg:composer/symfony/security-http@6.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r7t3-q914-yuay

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8

aliases CVE-2023-46734, GHSA-q847-2q57-wmr3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr

url VCID-p6f7-utd6-eqej

vulnerability_id VCID-p6f7-utd6-eqej

summary

Information Exposure
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21424

reference_id

reference_type

scores

value	0.00337
scoring_system	epss
scoring_elements	0.56852
published_at	2026-06-05T12:55:00Z

value	0.00337
scoring_system	epss
scoring_elements	0.56801
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21424

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/lexik/jwt-authentication-bundle/CVE-2021-21424.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/maker-bundle/CVE-2021-21424.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2021-21424.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-guard/CVE-2021-21424.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2021-21424.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-21424.yaml

reference_url

https://github.com/symfony/symfony

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony

reference_url

https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011

reference_url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/07/msg00014.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3

reference_url

https://symfony.com/cve-2021-21424

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/cve-2021-21424

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21424

reference_id

CVE-2021-21424

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21424

reference_url

https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68

reference_id

GHSA-5pv8-ppvj-4h68

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68

reference_url	https://usn.ubuntu.com/USN-5290-1/
reference_id	USN-USN-5290-1
reference_type
scores
url	https://usn.ubuntu.com/USN-5290-1/

fixed_packages

url pkg:composer/symfony/security-http@4.0.0-BETA1

purl pkg:composer/symfony/security-http@4.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.0.0-BETA1

url pkg:composer/symfony/security-http@4.4.24

purl pkg:composer/symfony/security-http@4.4.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@4.4.24

url pkg:composer/symfony/security-http@5.0.0-BETA1

purl pkg:composer/symfony/security-http@5.0.0-BETA1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.0.0-BETA1

url pkg:composer/symfony/security-http@5.2.8

purl pkg:composer/symfony/security-http@5.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4f9e-eg67-cqbr

vulnerability	VCID-gjcx-wmhp-fqef

vulnerability	VCID-rfnv-6wry-z7f1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@5.2.8

aliases CVE-2021-21424, GHSA-5pv8-ppvj-4h68

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6f7-utd6-eqej

url VCID-rfnv-6wry-z7f1

vulnerability_id VCID-rfnv-6wry-z7f1

summary

Withdrawn Advisory: Symfony http-security has authentication bypass
## Withdrawn Advisory
This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.

## Original Description
In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36611

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26697
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36611

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611

reference_url

https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/

url

https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c

reference_url

https://github.com/github/advisory-database/pull/5046

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/

url

https://github.com/github/advisory-database/pull/5046

reference_url

https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/

url

https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132

reference_url

https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/

url

https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995

reference_url

https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/

url

https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
reference_id	1088817
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-36611

reference_id

CVE-2024-36611

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-36611

reference_url	https://github.com/advisories/GHSA-7q22-x757-cmgc
reference_id	GHSA-7q22-x757-cmgc
reference_type
scores
url	https://github.com/advisories/GHSA-7q22-x757-cmgc

fixed_packages

url pkg:composer/symfony/security-http@7.1.0

purl pkg:composer/symfony/security-http@7.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jytj-3drn-pbes

vulnerability	VCID-r7t3-q914-yuay

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.0

aliases CVE-2024-36611, GHSA-7q22-x757-cmgc

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfnv-6wry-z7f1

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@3.4.21

Package Instance