Search for packages
Package details: pkg:composer/symfony/security@2.8.6
purl pkg:composer/symfony/security@2.8.6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3f55-bpmb-xbf5 Symphony Denial of Service Via Overlong Usernames The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. CVE-2016-4423
GHSA-whgv-8cg3-7hcm
VCID-s59j-vhxh-47e3 Symfony Authentication Bypass Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. CVE-2016-2403
GHSA-wvj5-r78r-hhfq

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:10:21.118680+00:00 GitLab Importer Fixing VCID-s59j-vhxh-47e3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-2403.yml 36.1.3
2025-07-01T18:10:13.243438+00:00 GitLab Importer Fixing VCID-3f55-bpmb-xbf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security/CVE-2016-4423.yml 36.1.3
2025-07-01T12:29:50.563248+00:00 GithubOSV Importer Fixing VCID-3f55-bpmb-xbf5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-whgv-8cg3-7hcm/GHSA-whgv-8cg3-7hcm.json 36.1.3
2025-07-01T12:26:29.660739+00:00 GithubOSV Importer Fixing VCID-s59j-vhxh-47e3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wvj5-r78r-hhfq/GHSA-wvj5-r78r-hhfq.json 36.1.3