pkg:composer/symfony/security-http
Type
composer
Namespace
symfony
Name
security-http
Known advisories, vulnerabilities and fixes for security-http package.
High
7
Medium
6
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 2.7.0, < 2.7.7 >= 2.6.0, < 2.6.12 >= 2.5.0, < 2.6.0 >= 2.4.0, < 2.5.0 |
CVE-2015-8124
|
PHP:SYMFONY-SECURITY-HTTP-2015-8124 | Session Fixation in the "Remember Me" Login Feature | medium |
2015-11-23T12:58:37
(8 years ago) |
|
Affected | >= 2.6.0, < 2.6.12 >= 2.7.0, < 2.7.7 >= 2.4.0, < 2.5.0 >= 2.5.0, < 2.6.0 |
CVE-2015-8125
|
PHP:SYMFONY-SECURITY-HTTP-2015-8125 | Potential Remote Timing Attack Vulnerability in Security Remember-Me Service | high |
2015-11-23T12:41:36
(8 years ago) |
|
Affected | >= 2.7.0, < 2.7.13 >= 3.0.0, < 3.0.6 >= 2.6.0, < 2.7.0 >= 2.4.0, < 2.5.0 >= 2.5.0, < 2.6.0 >= 2.8.0, < 2.8.6 >= 2.3.0, < 2.3.41 |
CVE-2016-4423
|
PHP:SYMFONY-SECURITY-HTTP-2016-4423 | Large username storage in session | high |
2016-05-09T21:21:30
(8 years ago) |
|
Affected | >= 2.8.0, < 2.8.31 >= 3.1.0, < 3.2.0 >= 3.2.0, < 3.2.14 >= 3.3.0, < 3.3.13 >= 3.0.0, < 3.1.0 >= 2.7.0, < 2.7.38 |
CVE-2017-16652
|
PHP:SYMFONY-SECURITY-HTTP-2017-16652 | Open redirect vulnerability on security handlers | medium |
2017-11-16T15:20:19
(6 years ago) |
|
Affected | >= 2.5.0, < 2.7.48 >= 2.4.0, < 2.7.48 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 2.8.0, < 2.8.41 >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.11 >= 4.0.0, < 4.0.11 >= 3.3.0, < 3.3.17 >= 2.7.0, < 2.7.48 >= 2.6.0, < 2.7.48 |
CVE-2018-11385
|
PHP:SYMFONY-SECURITY-HTTP-2018-11385 | Session Fixation Issue for Guard Authentication | high |
2018-05-25T11:46:22
(6 years ago) |
|
Affected | >= 2.5.0, < 2.7.48 >= 2.4.0, < 2.7.48 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 2.8.0, < 2.8.41 >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.11 >= 4.0.0, < 4.0.11 >= 3.3.0, < 3.3.17 >= 2.6.0, < 2.7.48 >= 2.7.0, < 2.7.48 |
CVE-2018-11406
|
PHP:SYMFONY-SECURITY-HTTP-2018-11406 | CSRF Token Fixation | high |
2018-05-25T11:46:22
(6 years ago) |
|
Affected | >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.20 >= 2.8.0, < 2.8.49 >= 4.1.0, < 4.1.9 >= 3.3.0, < 3.4.0 >= 2.7.38, < 2.7.50 >= 4.0.0, < 4.0.15 >= 3.2.0, < 3.3.0 >= 4.2.0, < 4.2.1 >= 3.0.0, < 3.1.0 |
CVE-2018-19790
|
PHP:SYMFONY-SECURITY-HTTP-2018-19790 | Open Redirect Vulnerability on login | medium |
2018-11-06T11:52:00
(5 years ago) |
|
Affected | >= 3.1.0, < 3.2.0 >= 3.4.0, < 3.4.26 >= 2.8.0, < 2.8.50 >= 4.1.0, < 4.1.12 >= 3.3.0, < 3.4.0 >= 2.7.0, < 2.7.51 >= 4.0.0, < 4.1.0 >= 3.2.0, < 3.3.0 >= 3.0.0, < 3.1.0 >= 4.2.0, < 4.2.7 |
CVE-2019-10911
|
PHP:SYMFONY-SECURITY-HTTP-2019-10911 | Add a separator in the remember me cookie hash | high |
2019-04-16T10:54:35
(5 years ago) |
|
Affected | >= 4.2.0, < 4.2.12 >= 4.3.0, < 4.3.8 >= 4.1.0, < 4.2.0 |
CVE-2019-18886
|
PHP:SYMFONY-SECURITY-HTTP-2019-18886 | Prevent user enumeration using switch user functionality | medium |
2019-11-13T08:00:00
(4 years ago) |
|
Affected | >= 5.0.0, < 5.0.7 >= 4.4.0, < 4.4.7 |
CVE-2020-5275
|
PHP:SYMFONY-SECURITY-HTTP-2020-5275 | All rules set in "access_control" are required when the firewall is configured with the unanimous strategy | high |
2020-03-30T14:00:00
(4 years ago) |
|
Affected | >= 5.2.0, < 5.2.8 >= 5.1.0, < 5.2.0 |
CVE-2021-21424
|
PHP:SYMFONY-SECURITY-HTTP-2021-21424 | Prevent user enumeration via response content in authentication mechanisms | medium |
2021-05-12T08:00:00
(3 years ago) |
|
Affected | >= 5.3.0, < 5.3.2 |
CVE-2021-32693
|
PHP:SYMFONY-SECURITY-HTTP-2021-32693 | Authentication granted to all firewalls instead of just one | high |
2021-06-17T15:00:00
(3 years ago) |
|
Affected | >= 5.4.0, < 5.4.31 >= 6.1.0, < 6.2.0 >= 6.3.0, < 6.3.8 >= 6.2.0, < 6.3.0 >= 6.0.0, < 6.1.0 |
CVE-2023-46733
|
PHP:SYMFONY-SECURITY-HTTP-2023-46733 | Possible session fixation | medium |
2023-11-10T08:00:00
(10 months ago) |