VYPR

Packagist (Composer) package

symfony/security-csrf

pkg:composer/symfony/security-csrf

Vulnerabilities (1)

  • CVE-2017-16653MedAug 6, 2018
    affected >= 2.7.0, < 2.7.38fixed 2.7.38

    An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and