1. Home
  2. Packages
  3. composer
  4. symfony
  5. security-http

pkg:composer/symfony/security-http

Type composer
Namespace symfony
Name security-http

Known advisories, vulnerabilities and fixes for security-http package.

Repository
https://packagist.org/packages/symfony/security-http
High 7
Medium 6
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 2.7.0, < 2.7.7 >= 2.6.0, < 2.6.12 >= 2.5.0, < 2.6.0 >= 2.4.0, < 2.5.0 CVE-2015-8124
composer PHP:SYMFONY-SECURITY-HTTP-2015-8124 Session Fixation in the "Remember Me" Login Feature medium 2015-11-23T12:58:37
(8 years ago)
Affected >= 2.6.0, < 2.6.12 >= 2.7.0, < 2.7.7 >= 2.4.0, < 2.5.0 >= 2.5.0, < 2.6.0 CVE-2015-8125
composer PHP:SYMFONY-SECURITY-HTTP-2015-8125 Potential Remote Timing Attack Vulnerability in Security Remember-Me Service high 2015-11-23T12:41:36
(8 years ago)
Affected >= 2.7.0, < 2.7.13 >= 3.0.0, < 3.0.6 >= 2.6.0, < 2.7.0 >= 2.4.0, < 2.5.0 >= 2.5.0, < 2.6.0 >= 2.8.0, < 2.8.6 >= 2.3.0, < 2.3.41 CVE-2016-4423
composer PHP:SYMFONY-SECURITY-HTTP-2016-4423 Large username storage in session high 2016-05-09T21:21:30
(8 years ago)
Affected >= 2.8.0, < 2.8.31 >= 3.1.0, < 3.2.0 >= 3.2.0, < 3.2.14 >= 3.3.0, < 3.3.13 >= 3.0.0, < 3.1.0 >= 2.7.0, < 2.7.38 CVE-2017-16652
composer PHP:SYMFONY-SECURITY-HTTP-2017-16652 Open redirect vulnerability on security handlers medium 2017-11-16T15:20:19
(6 years ago)
Affected >= 2.5.0, < 2.7.48 >= 2.4.0, < 2.7.48 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 2.8.0, < 2.8.41 >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.11 >= 4.0.0, < 4.0.11 >= 3.3.0, < 3.3.17 >= 2.7.0, < 2.7.48 >= 2.6.0, < 2.7.48 CVE-2018-11385
composer PHP:SYMFONY-SECURITY-HTTP-2018-11385 Session Fixation Issue for Guard Authentication high 2018-05-25T11:46:22
(6 years ago)
Affected >= 2.5.0, < 2.7.48 >= 2.4.0, < 2.7.48 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 2.8.0, < 2.8.41 >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.11 >= 4.0.0, < 4.0.11 >= 3.3.0, < 3.3.17 >= 2.6.0, < 2.7.48 >= 2.7.0, < 2.7.48 CVE-2018-11406
composer PHP:SYMFONY-SECURITY-HTTP-2018-11406 CSRF Token Fixation high 2018-05-25T11:46:22
(6 years ago)
Affected >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.20 >= 2.8.0, < 2.8.49 >= 4.1.0, < 4.1.9 >= 3.3.0, < 3.4.0 >= 2.7.38, < 2.7.50 >= 4.0.0, < 4.0.15 >= 3.2.0, < 3.3.0 >= 4.2.0, < 4.2.1 >= 3.0.0, < 3.1.0 CVE-2018-19790
composer PHP:SYMFONY-SECURITY-HTTP-2018-19790 Open Redirect Vulnerability on login medium 2018-11-06T11:52:00
(5 years ago)
Affected >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.26 >= 2.8.0, < 2.8.50 >= 4.1.0, < 4.1.12 >= 3.3.0, < 3.4.0 >= 2.7.0, < 2.7.51 >= 4.0.0, < 4.1.0 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 4.2.0, < 4.2.7 CVE-2019-10911
composer PHP:SYMFONY-SECURITY-HTTP-2019-10911 Add a separator in the remember me cookie hash high 2019-04-16T10:54:35
(5 years ago)
Affected >= 4.2.0, < 4.2.12 >= 4.3.0, < 4.3.8 >= 4.1.0, < 4.2.0 CVE-2019-18886
composer PHP:SYMFONY-SECURITY-HTTP-2019-18886 Prevent user enumeration using switch user functionality medium 2019-11-13T08:00:00
(4 years ago)
Affected >= 5.0.0, < 5.0.7 >= 4.4.0, < 4.4.7 CVE-2020-5275
composer PHP:SYMFONY-SECURITY-HTTP-2020-5275 All rules set in "access_control" are required when the firewall is configured with the unanimous strategy high 2020-03-30T14:00:00
(4 years ago)
Affected >= 5.2.0, < 5.2.8 >= 5.1.0, < 5.2.0 CVE-2021-21424
composer PHP:SYMFONY-SECURITY-HTTP-2021-21424 Prevent user enumeration via response content in authentication mechanisms medium 2021-05-12T08:00:00
(3 years ago)
Affected >= 5.3.0, < 5.3.2 CVE-2021-32693
composer PHP:SYMFONY-SECURITY-HTTP-2021-32693 Authentication granted to all firewalls instead of just one high 2021-06-17T15:00:00
(3 years ago)
Affected >= 5.4.0, < 5.4.31 >= 6.1.0, < 6.2.0 >= 6.3.0, < 6.3.8 >= 6.2.0, < 6.3.0 >= 6.0.0, < 6.1.0 CVE-2023-46733
composer PHP:SYMFONY-SECURITY-HTTP-2023-46733 Possible session fixation medium 2023-11-10T08:00:00
(10 months ago)