Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/symfony/security-http@6.2.8
Typecomposer
Namespacesymfony
Namesecurity-http
Version6.2.8
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.4.40
Latest_non_vulnerable_version8.0.12
Affected_by_vulnerabilities
0
url VCID-4f9e-eg67-cqbr
vulnerability_id VCID-4f9e-eg67-cqbr
summary 
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
reference_id
reference_type
scores
0
value 0.02588
scoring_system epss
scoring_elements 0.85888
published_at 2026-06-06T12:55:00Z
1
value 0.02588
scoring_system epss
scoring_elements 0.85886
published_at 2026-06-05T12:55:00Z
2
value 0.02588
scoring_system epss
scoring_elements 0.85869
published_at 2026-06-08T12:55:00Z
3
value 0.02588
scoring_system epss
scoring_elements 0.85884
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46734
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46734
2
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
3
reference_url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/5d095d5feb1322b16450284a04d6bb48d1198f54
4
reference_url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
5
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00019.html
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
reference_id 1055774
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46734
8
reference_url https://symfony.com/cve-2023-46734
reference_id CVE-2023-46734
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46734
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
reference_id CVE-2023-46734.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46734.yaml
10
reference_url https://github.com/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q847-2q57-wmr3
11
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
reference_id GHSA-q847-2q57-wmr3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:26Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
12
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@6.3.8
purl pkg:composer/symfony/security-http@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r7t3-q914-yuay
1
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8
aliases CVE-2023-46734, GHSA-q847-2q57-wmr3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f9e-eg67-cqbr
1
url VCID-r4d5-zcex-sbee
vulnerability_id VCID-r4d5-zcex-sbee
summary 
Cross-site scripting
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now does not return any user-submitted input in its response.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46735
reference_id
reference_type
scores
0
value 0.03113
scoring_system epss
scoring_elements 0.87093
published_at 2026-06-05T12:55:00Z
1
value 0.03113
scoring_system epss
scoring_elements 0.87081
published_at 2026-06-08T12:55:00Z
2
value 0.03113
scoring_system epss
scoring_elements 0.87085
published_at 2026-06-07T12:55:00Z
3
value 0.03113
scoring_system epss
scoring_elements 0.87091
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46735
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/
url https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46735
reference_id CVE-2023-46735
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46735
4
reference_url https://symfony.com/cve-2023-46735
reference_id CVE-2023-46735
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46735
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml
reference_id CVE-2023-46735.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml
6
reference_url https://github.com/advisories/GHSA-72x2-5c85-6wmr
reference_id GHSA-72x2-5c85-6wmr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72x2-5c85-6wmr
7
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr
reference_id GHSA-72x2-5c85-6wmr
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:14:14Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr
fixed_packages
0
url pkg:composer/symfony/security-http@6.3.8
purl pkg:composer/symfony/security-http@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r7t3-q914-yuay
1
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8
aliases CVE-2023-46735, GHSA-72x2-5c85-6wmr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4d5-zcex-sbee
2
url VCID-r7t3-q914-yuay
vulnerability_id VCID-r7t3-q914-yuay
summary 
Symfony has an Authentication Bypass via RememberMe
When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25297
published_at 2026-06-06T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25189
published_at 2026-06-08T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25247
published_at 2026-06-07T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25313
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51996
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
reference_id CVE-2024-51996
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51996
4
reference_url https://symfony.com/cve-2024-51996
reference_id CVE-2024-51996
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2024-51996
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
reference_id CVE-2024-51996.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2024-51996.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
reference_id CVE-2024-51996.YAML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-51996.yaml
7
reference_url https://github.com/advisories/GHSA-cg23-qf8f-62rr
reference_id GHSA-cg23-qf8f-62rr
reference_type
scores
url https://github.com/advisories/GHSA-cg23-qf8f-62rr
8
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
reference_id GHSA-cg23-qf8f-62rr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T18:49:11Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
9
reference_url https://usn.ubuntu.com/7272-1/
reference_id USN-7272-1
reference_type
scores
url https://usn.ubuntu.com/7272-1/
fixed_packages
0
url pkg:composer/symfony/security-http@6.4.15
purl pkg:composer/symfony/security-http@6.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.4.15
1
url pkg:composer/symfony/security-http@7.1.8
purl pkg:composer/symfony/security-http@7.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.8
2
url pkg:composer/symfony/security-http@7.2.0-BETA1
purl pkg:composer/symfony/security-http@7.2.0-BETA1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.2.0-BETA1
aliases CVE-2024-51996, GHSA-cg23-qf8f-62rr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7t3-q914-yuay
3
url VCID-rfnv-6wry-z7f1
vulnerability_id VCID-rfnv-6wry-z7f1
summary 
Withdrawn Advisory: Symfony http-security has authentication bypass
## Withdrawn Advisory
This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.

## Original Description
In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
reference_id
reference_type
scores
0
value 0.00097
scoring_system epss
scoring_elements 0.26593
published_at 2026-06-08T12:55:00Z
1
value 0.00097
scoring_system epss
scoring_elements 0.26648
published_at 2026-06-07T12:55:00Z
2
value 0.00097
scoring_system epss
scoring_elements 0.26687
published_at 2026-06-06T12:55:00Z
3
value 0.00097
scoring_system epss
scoring_elements 0.26697
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-36611
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36611
2
reference_url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c
3
reference_url https://github.com/github/advisory-database/pull/5046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/github/advisory-database/pull/5046
4
reference_url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132
5
reference_url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995
6
reference_url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T15:19:25Z/
url https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
reference_id 1088817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088817
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
reference_id CVE-2024-36611
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-36611
9
reference_url https://github.com/advisories/GHSA-7q22-x757-cmgc
reference_id GHSA-7q22-x757-cmgc
reference_type
scores
url https://github.com/advisories/GHSA-7q22-x757-cmgc
fixed_packages
0
url pkg:composer/symfony/security-http@7.1.0
purl pkg:composer/symfony/security-http@7.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jytj-3drn-pbes
1
vulnerability VCID-r7t3-q914-yuay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@7.1.0
aliases CVE-2024-36611, GHSA-7q22-x757-cmgc
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfnv-6wry-z7f1
4
url VCID-yz7m-n4f4-9bax
vulnerability_id VCID-yz7m-n4f4-9bax
summary 
Symfony possible session fixation vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier does not change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46733
reference_id
reference_type
scores
0
value 0.01316
scoring_system epss
scoring_elements 0.80205
published_at 2026-06-08T12:55:00Z
1
value 0.01316
scoring_system epss
scoring_elements 0.80212
published_at 2026-06-07T12:55:00Z
2
value 0.01316
scoring_system epss
scoring_elements 0.80216
published_at 2026-06-06T12:55:00Z
3
value 0.01316
scoring_system epss
scoring_elements 0.80213
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46733
1
reference_url https://github.com/symfony/symfony
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony
2
reference_url https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/commit/7467bd7e3f888b333102bc664b5e02ef1e7f88b9
3
reference_url https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775
reference_id 1055775
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055775
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46733
reference_id CVE-2023-46733
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46733
6
reference_url https://symfony.com/cve-2023-46733
reference_id CVE-2023-46733
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2023-46733
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml
reference_id CVE-2023-46733.YAML
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46733.yaml
8
reference_url https://github.com/advisories/GHSA-m2wj-r6g3-fxfx
reference_id GHSA-m2wj-r6g3-fxfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2wj-r6g3-fxfx
9
reference_url https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx
reference_id GHSA-m2wj-r6g3-fxfx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:11:06Z/
url https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx
fixed_packages
0
url pkg:composer/symfony/security-http@6.3.8
purl pkg:composer/symfony/security-http@6.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r7t3-q914-yuay
1
vulnerability VCID-rfnv-6wry-z7f1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.3.8
aliases CVE-2023-46733, GHSA-m2wj-r6g3-fxfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz7m-n4f4-9bax
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-http@6.2.8