{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40159?format=json","vulnerability_id":"VCID-dsbx-q641-4fc7","summary":"Cross-Site Request Forgery (CSRF)\nThe current implementation of CSRF protection in Symfony does not use different tokens for HTTP and HTTPS.","aliases":[{"alias":"CVE-2017-16653"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55893?format=json","purl":"pkg:composer/symfony/security@2.7.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mew1-9shg-mugs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/55894?format=json","purl":"pkg:composer/symfony/security@2.8.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.31"},{"url":"http://public2.vulnerablecode.io/api/packages/55895?format=json","purl":"pkg:composer/symfony/security@3.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55896?format=json","purl":"pkg:composer/symfony/security@3.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56321?format=json","purl":"pkg:composer/symfony/security-csrf@2.7.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/56322?format=json","purl":"pkg:composer/symfony/security-csrf@2.8.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.31"},{"url":"http://public2.vulnerablecode.io/api/packages/56323?format=json","purl":"pkg:composer/symfony/security-csrf@3.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56324?format=json","purl":"pkg:composer/symfony/security-csrf@3.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56325?format=json","purl":"pkg:composer/symfony/security-csrf@3.4.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.4.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/56326?format=json","purl":"pkg:composer/symfony/security-csrf@4.0.0-BETA5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@4.0.0-BETA5"},{"url":"http://public2.vulnerablecode.io/api/packages/55847?format=json","purl":"pkg:composer/symfony/symfony@2.7.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-tx26-92jc-rkff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/55849?format=json","purl":"pkg:composer/symfony/symfony@3.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/55850?format=json","purl":"pkg:composer/symfony/symfony@3.3.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.13"},{"url":"http://public2.vulnerablecode.io/api/packages/55828?format=json","purl":"pkg:composer/symfony/symfony@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-frbz-vpfe-vbh9"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-nsuz-7sdv-abef"},{"vulnerability":"VCID-qqd1-smb1-sbe8"},{"vulnerability":"VCID-tx26-92jc-rkff"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-zeut-9wfp-q7et"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@4.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52445?format=json","purl":"pkg:composer/symfony/security@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/53263?format=json","purl":"pkg:composer/symfony/security@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14k5-2gnt-8qgd"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@2.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52723?format=json","purl":"pkg:composer/symfony/security@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14k5-2gnt-8qgd"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-ef86-hqv4-6kaz"},{"vulnerability":"VCID-mew1-9shg-mugs"},{"vulnerability":"VCID-uuk9-e5qy-rfgf"},{"vulnerability":"VCID-vyug-krcw-jyef"},{"vulnerability":"VCID-x4nv-gvag-7qf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55892?format=json","purl":"pkg:composer/symfony/security@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56313?format=json","purl":"pkg:composer/symfony/security-csrf@2.7.0-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.0-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/56314?format=json","purl":"pkg:composer/symfony/security-csrf@2.7.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.7.37"},{"url":"http://public2.vulnerablecode.io/api/packages/56315?format=json","purl":"pkg:composer/symfony/security-csrf@2.8.0-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.0-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/56316?format=json","purl":"pkg:composer/symfony/security-csrf@2.8.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@2.8.30"},{"url":"http://public2.vulnerablecode.io/api/packages/56317?format=json","purl":"pkg:composer/symfony/security-csrf@3.2.0-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.2.0-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/56318?format=json","purl":"pkg:composer/symfony/security-csrf@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56319?format=json","purl":"pkg:composer/symfony/security-csrf@3.3.0-alpha0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.3.0-alpha0"},{"url":"http://public2.vulnerablecode.io/api/packages/56320?format=json","purl":"pkg:composer/symfony/security-csrf@3.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/security-csrf@3.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/52429?format=json","purl":"pkg:composer/symfony/symfony@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-23hr-yznx-c3fb"},{"vulnerability":"VCID-6c6t-kmb3-2qcm"},{"vulnerability":"VCID-7m45-bvbn-4qd3"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-gjuz-mjah-e3bj"},{"vulnerability":"VCID-ty9b-xe8v-r7ag"},{"vulnerability":"VCID-uk5a-g7em-gygd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55840?format=json","purl":"pkg:composer/symfony/symfony@2.7.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@2.7.37"},{"url":"http://public2.vulnerablecode.io/api/packages/56296?format=json","purl":"pkg:composer/symfony/symfony@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55844?format=json","purl":"pkg:composer/symfony/symfony@3.2.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.2.13"},{"url":"http://public2.vulnerablecode.io/api/packages/56127?format=json","purl":"pkg:composer/symfony/symfony@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1y96-v19f-tkgg"},{"vulnerability":"VCID-3qct-gbgt-kkbb"},{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55846?format=json","purl":"pkg:composer/symfony/symfony@3.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-djnm-e9r4-c3f5"},{"vulnerability":"VCID-dsbx-q641-4fc7"},{"vulnerability":"VCID-xdtu-22ad-63aq"},{"vulnerability":"VCID-xj13-fspe-hfgv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56297?format=json","purl":"pkg:composer/symfony/symfony@3.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56298?format=json","purl":"pkg:composer/symfony/symfony@3.8.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dsbx-q641-4fc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/symfony/symfony@3.8.30"}],"references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16653"},{"reference_url":"https://github.com/symfony/symfony/pull/24992","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/symfony/symfony/pull/24992"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16653"},{"reference_url":"https://symfony.com/cve-2017-16653","reference_id":"CVE-2017-16653","reference_type":"","scores":[],"url":"https://symfony.com/cve-2017-16653"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsbx-q641-4fc7"}