{"url":"http://public2.vulnerablecode.io/api/packages/56314?format=json","purl":"pkg:composer/symfony/security-csrf@2.7.37","type":"composer","namespace":"symfony","name":"security-csrf","version":"2.7.37","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.38","latest_non_vulnerable_version":"4.0.11","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40159?format=json","vulnerability_id":"VCID-dsbx-q641-4fc7","summary":"Cross-Site Request Forgery (CSRF)\nThe current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://symfony.com/cve-2017-16653"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56321?format=json","purl":"pkg:composer/symfony/security-csrf@2.7.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/56322?format=json","purl":"pkg:composer/symfony/security-csrf@2.8.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.31"},{"url":"http://public2.vulnerablecode.io/api/packages/56323?format=json","purl":"pkg:composer/symfony/security-csrf@3.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56324?format=json","purl":"pkg:composer/symfony/security-csrf@3.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56325?format=json","purl":"pkg:composer/symfony/security-csrf@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/56326?format=json","purl":"pkg:composer/symfony/security-csrf@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@4.0.0-BETA5"}],"aliases":["CVE-2017-16653"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsbx-q641-4fc7"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.37"}