VulnerableCode Package Details - pkg:composer/symfony/security@2.7.13

Search for packages

Package details: pkg:composer/symfony/security@2.7.13

Essentials
History (1)

purl	pkg:composer/symfony/security@2.7.13

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-3f55-bpmb-xbf5	Symphony Denial of Service Via Overlong Usernames The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.	CVE-2016-4423 GHSA-whgv-8cg3-7hcm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T12:29:50.531300+00:00	GithubOSV Importer	Fixing	VCID-3f55-bpmb-xbf5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-whgv-8cg3-7hcm/GHSA-whgv-8cg3-7hcm.json	36.1.3