pkg:composer/symfony/security-csrf
Type
composer
Namespace
symfony
Name
security-csrf
Known advisories, vulnerabilities and fixes for security-csrf package.
High
1
Medium
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 2.7.0, < 2.7.38 >= 3.0.0, < 3.1.0 >= 3.3.0, < 3.3.13 >= 3.2.0, < 3.2.14 >= 3.1.0, < 3.2.0 >= 2.8.0, < 2.8.31 |
CVE-2017-16653
|
 PHP:SYMFONY-SECURITY-CSRF-2017-16653
|
CSRF protection does not use different tokens for HTTP and HTTPS | medium |
2017-11-16T15:12:07
(6 years ago) |
|
| Affected | >= 3.0.0, < 3.1.0 >= 2.4.0, < 2.7.48 >= 2.5.0, < 2.7.48 >= 3.2.0, < 3.3.0 >= 4.0.0, < 4.0.11 >= 2.7.0, < 2.7.48 >= 2.6.0, < 2.7.48 >= 3.3.0, < 3.3.17 >= 2.8.0, < 2.8.41 >= 3.4.0, < 3.4.11 >= 3.1.0, < 3.2.0 |
CVE-2018-11406
|
PHP:SYMFONY-SECURITY-CSRF-2018-11406
|
CSRF Token Fixation | high |
2018-05-25T12:44:29
(6 years ago) |