symfony/security-http vulnerabilities

Symfony Security Component - HTTP Integration

Latest version: v5.0.3

Direct Vulnerabilities

Known vulnerabilities in the symfony/security-http package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | User Enumeration | >=4.2.0, <4.2.12,>=4.3.0, <4.3.8 | Not available | 22 Nov, 2019 |
| M | Access Control Bypass | >=4.2.0, <4.2.7 | Not available | 24 Apr, 2019 |
| M | Open Redirect | >=2.7.0, <2.7.50,>=2.8.0, <2.8.49,>=3.0.0, <3.4.20,>=4.0.0, <4.0.15,>=4.1.0, <4.1.9 | Not available | 10 Dec, 2018 |
| H | Session Fixation | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018 |
| H | CSRF Token Fixation | <2.7.48,>=2.8.0, <2.8.41,>=3.0.0, <3.3.17,>=3.4.0, <3.4.11,>=4.0.0, <4.0.11 | Not available | 30 May, 2018 |
| M | Open Redirect | >=2.7.0, <2.7.38,>=2.8.0, <2.8.31,>=3, <3.1.0,>=3.1.0, <3.2.0,>=3.2.0, <3.2.14,>=3.3.0, <3.3.13,>=3.4-BETA0, <3.4-BETA5,>=4.0-BETA0, <4.0-BETA5 | Not available | 04 Dec, 2017 |
| H | Denial of Service (DoS) | >=2.3.0, <2.3.41,>=2.6.0, <2.7.0,>=2.4.0, <2.5.0,>=2.7.0, <2.7.13,>=2.5.0, <2.6.0,>=2.8.0, <2.8.6,>=3, <3.0.6 | Not available | 09 May, 2016 |
| H | Timing Attack | >=2.6.0, <2.6.12,>=2.4.0, <2.5.0,>=2.7.0, <2.7.7,>=2.5.0, <2.6.0 | Not available | 23 Nov, 2015 |
| M | Session Fixation | >=2.6.0, <2.6.12,>=2.4.0, <2.5.0,>=2.7.0, <2.7.7,>=2.5.0, <2.6.0 | Not available | 23 Nov, 2015 |