Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security@5.3.0
Typecomposer
Namespacesymfony
Namesecurity
Version5.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-kqcd-f4vt-r7g8
vulnerability_id VCID-kqcd-f4vt-r7g8
summary 
Session Fixation
`Symfony/SecurityBundle` is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.65039
published_at 2026-05-14T12:55:00Z
1
value 0.00476
scoring_system epss
scoring_elements 0.64778
published_at 2026-04-01T12:55:00Z
2
value 0.00476
scoring_system epss
scoring_elements 0.64828
published_at 2026-04-02T12:55:00Z
3
value 0.00476
scoring_system epss
scoring_elements 0.64855
published_at 2026-04-04T12:55:00Z
4
value 0.00476
scoring_system epss
scoring_elements 0.64818
published_at 2026-04-07T12:55:00Z
5
value 0.00476
scoring_system epss
scoring_elements 0.64868
published_at 2026-04-08T12:55:00Z
6
value 0.00476
scoring_system epss
scoring_elements 0.64883
published_at 2026-04-09T12:55:00Z
7
value 0.00476
scoring_system epss
scoring_elements 0.649
published_at 2026-04-16T12:55:00Z
8
value 0.00476
scoring_system epss
scoring_elements 0.64891
published_at 2026-04-12T12:55:00Z
9
value 0.00476
scoring_system epss
scoring_elements 0.64863
published_at 2026-04-13T12:55:00Z
10
value 0.00476
scoring_system epss
scoring_elements 0.64911
published_at 2026-04-18T12:55:00Z
11
value 0.00476
scoring_system epss
scoring_elements 0.64896
published_at 2026-04-21T12:55:00Z
12
value 0.00476
scoring_system epss
scoring_elements 0.64914
published_at 2026-04-24T12:55:00Z
13
value 0.00476
scoring_system epss
scoring_elements 0.64927
published_at 2026-04-26T12:55:00Z
14
value 0.00476
scoring_system epss
scoring_elements 0.64922
published_at 2026-04-29T12:55:00Z
15
value 0.00476
scoring_system epss
scoring_elements 0.64903
published_at 2026-05-05T12:55:00Z
16
value 0.00476
scoring_system epss
scoring_elements 0.6495
published_at 2026-05-07T12:55:00Z
17
value 0.00476
scoring_system epss
scoring_elements 0.64992
published_at 2026-05-09T12:55:00Z
18
value 0.00476
scoring_system epss
scoring_elements 0.64962
published_at 2026-05-11T12:55:00Z
19
value 0.00476
scoring_system epss
scoring_elements 0.64982
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41268
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2021-41268.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2021-41268.yaml
3
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
4
reference_url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc
5
reference_url https://github.com/symfony/symfony/pull/44243
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/pull/44243
6
reference_url https://github.com/symfony/symfony/releases/tag/v5.3.12
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/releases/tag/v5.3.12
7
reference_url https://symfony.com/cve-2021-41268
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2021-41268
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
reference_id CVE-2021-41268
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41268
9
reference_url https://github.com/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qw36-p97w-vcqr
10
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
reference_id GHSA-qw36-p97w-vcqr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
fixed_packages
0
url pkg:composer/symfony/security@5.3.12
purl pkg:composer/symfony/security@5.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@5.3.12
aliases CVE-2021-41268, GHSA-qw36-p97w-vcqr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kqcd-f4vt-r7g8
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@5.3.0