Vulnerability details: VCID-9x61-7xns-b7h1
Vulnerability ID VCID-9x61-7xns-b7h1
Aliases CVE-2019-10911
GHSA-cchx-mfrc-fwqr
Summary Improper authentication in Symfony. In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
Status Published
Exploitability None
Weighted Severity None
Risk None
Weaknesses (2)
System Score Found at
epss 0.00331 https://api.first.org/data/v1/epss?cve=CVE-2019-10911
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-cchx-mfrc-fwqr
cvssv3.1 7.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
cvssv3.1 7.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
cvssv3.1 7.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
cvssv3.1 7.5 https://github.com/symfony/symfony
generic_textual HIGH https://github.com/symfony/symfony
cvssv3.1 7.5 https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
generic_textual HIGH https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-10911
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-10911
cvssv3.1 7.5 https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
generic_textual HIGH https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
cvssv3.1 7.5 https://symfony.com/cve-2019-10911
generic_textual HIGH https://symfony.com/cve-2019-10911
cvssv3.1 7.5 https://www.synology.com/security/advisory/Synology_SA_19_19
generic_textual HIGH https://www.synology.com/security/advisory/Synology_SA_19_19
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2019-10911.yaml
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-http/CVE-2019-10911.yaml
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10911.yaml
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10911
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://symfony.com/cve-2019-10911
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.synology.com/security/advisory/Synology_SA_19_19
Exploit Prediction Scoring System (EPSS)
Percentile 0.55376
EPSS Score 0.00331
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:17:00.216998+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-cchx-mfrc-fwqr/GHSA-cchx-mfrc-fwqr.json 36.1.3