Search for packages
| purl | pkg:composer/symfony/security-bundle@3.4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9kvc-6wbe-1fdf
Aliases: CVE-2018-11406 GHSA-g4g7-q726-v5hg |
Symfony CSRF Token Fixation An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-h1am-9nz5-b3cu
Aliases: CVE-2018-11408 GHSA-7hwc-2cq4-6x2w |
Symfony Open Redirect The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:27:19.831078+00:00 | GitLab Importer | Affected by | VCID-9kvc-6wbe-1fdf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2018-11406.yml | 37.0.0 |
| 2025-07-03T17:27:15.609215+00:00 | GitLab Importer | Affected by | VCID-h1am-9nz5-b3cu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2018-11408.yml | 37.0.0 |