Search for packages
| purl | pkg:composer/symfony/security-http@2.8.0-alpha |
| Tags | Ghost |
| Next non-vulnerable version | 7.1.8 |
| Latest non-vulnerable version | 7.2.0-BETA1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3f55-bpmb-xbf5
Aliases: CVE-2016-4423 GHSA-whgv-8cg3-7hcm |
Symphony Denial of Service Via Overlong Usernames The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. |
Affected by 8 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:10:13.307589+00:00 | GitLab Importer | Affected by | VCID-3f55-bpmb-xbf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-http/CVE-2016-4423.yml | 36.1.3 |