Search for packages
| purl | pkg:composer/symfony/security-csrf@2.7.0-alpha0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-wdzq-fpju-2uf5
Aliases: CVE-2017-16653 GHSA-92x6-h2gr-8gxq |
Symfony CSRF Vulnerability An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:11:06.435603+00:00 | GitLab Importer | Affected by | VCID-wdzq-fpju-2uf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-csrf/CVE-2017-16653.yml | 36.1.3 |