VYPR
High severity8.1NVD Advisory· Published Jun 13, 2018· Updated Jun 17, 2026

CVE-2018-11385

CVE-2018-11385

Description

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
symfony/symfonyPackagist
>= 2.7.0, < 2.7.482.7.48
symfony/symfonyPackagist
>= 2.8.0, < 2.8.412.8.41
symfony/symfonyPackagist
>= 3.0.0, < 3.3.173.3.17
symfony/symfonyPackagist
>= 3.4.0, < 3.4.113.4.11
symfony/symfonyPackagist
>= 4.0.0, < 4.0.114.0.11
symfony/security-httpPackagist
>= 2.7.0, < 2.7.482.7.48
symfony/security-httpPackagist
>= 2.8.0, < 2.8.412.8.41
symfony/security-httpPackagist
>= 3.0.0, < 3.3.173.3.17
symfony/security-httpPackagist
>= 3.4.0, < 3.4.113.4.11
symfony/security-httpPackagist
>= 4.0.0, < 4.0.114.0.11
symfony/securityPackagist
>= 2.7.0, < 2.7.482.7.48
symfony/securityPackagist
>= 2.8.0, < 2.8.412.8.41
symfony/securityPackagist
>= 3.0.0, < 3.3.173.3.17
symfony/securityPackagist
>= 3.4.0, < 3.4.113.4.11
symfony/securityPackagist
>= 4.0.0, < 4.0.114.0.11

Affected products

3

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.