Packagist (Composer) package
symfony/security-bundle
pkg:composer/symfony/security-bundle
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50341 | Low | 3.1 |  | >= 6.2.0, < 6.4.10 | 6.4.10 | Nov 6, 2024 | symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmatically with the `Security::logi |
| CVE-2022-24895 | — |  |  | >= 2.0.0, < 4.4.50 | 4.4.50 | Feb 3, 2023 | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, |
| CVE-2021-41268 | — |  |  | >= 5.3.0, < 5.3.12 | 5.3.12 | Nov 24, 2021 | Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attac |
| CVE-2018-11408 | — |  |  | >= 2.7.0, < 2.7.48 | 2.7.48 | Jun 13, 2018 | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exis |
| CVE-2018-11406 | — |  |  | >= 2.7.0, < 2.7.48 | 2.7.48 | Jun 13, 2018 | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through |