purl | pkg:composer/symfony/symfony@3.0.0-alpha |
Tags | Ghost |
Next non-vulnerable version | 5.4.46 |
Latest non-vulnerable version | 7.2.0-BETA1 |
Risk | 4.5 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-3f55-bpmb-xbf5 (Aliases: CVE-2016-4423, GHSA-whgv-8cg3-7hcm) | Symfony Denial of Service Via Overlong Usernames: The attemptAuthentication function in `Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php` in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | Affected by 24 other vulnerabilities. |
VCID-s59j-vhxh-47e3 (Aliases: CVE-2016-2403, GHSA-wvj5-r78r-hhfq) | Symfony Authentication Bypass: Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | Affected by 24 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-07-01T18:10:21.138484+00:00 | GitLab Importer | Affected by | VCID-s59j-vhxh-47e3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-2403.yml | 36.1.3 |
2025-07-01T18:10:13.269305+00:00 | GitLab Importer | Affected by | VCID-3f55-bpmb-xbf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/symfony/CVE-2016-4423.yml | 36.1.3 |