pkg:Packagist/symfony/security-http

18 CVEs in total: HIGH 6, MEDIUM 6, LOW 1

All known vulnerabilities

  • HIGH 8.8 CVE-2018-11406: Symfony CSRF Token Fixation
    >= 2.7.0, < 2.7.48
  • HIGH 8.1 CVE-2018-11385: Symfony Session Fixation Vulnerability
    >= 2.7.0, < 2.7.48
  • HIGH 7.6 CVE-2020-5275: Firewall configured with unanimous strategy was not actually unanimous in Symfony
    >= 4.4.0, < 4.4.7
  • HIGH 7.5 CVE-2024-51996: symfony - security update
    >= 5.3.0, < 5.4.47
  • HIGH 7.5 CVE-2016-4423: Symfony Denial of Service Via Overlong Usernames
    >= 2.3.0, < 2.3.41
  • HIGH 7.5 CVE-2019-10911: Improper authentication in Symfony
    >= 2.7.0, < 2.7.51
  • MEDIUM 6.8 CVE-2021-32693: Authentication granted to all firewalls instead of just one
    >= 5.3.0, < 5.3.2
  • MEDIUM 6.5 CVE-2023-46733: Symfony possible session fixation vulnerability
    >= 5.4.21, < 5.4.31
  • MEDIUM 6.1 CVE-2017-16652: symfony - security update
    >= 2.7.0, < 2.7.38
  • MEDIUM 6.1 CVE-2018-19790: Symfony Open Redirect
    >= 2.7.38, < 2.7.50
  • MEDIUM 5.3 CVE-2021-21424: Prevent user enumeration using Guard or the new Authenticator-based Security
    >= 5.1.0, < 5.2.8
  • MEDIUM 5.3 CVE-2019-18886: symfony - security update
    >= 4.1.0, < 4.2.12
  • LOW 3.1 CVE-2015-8124: symfony - security update
    >= 2.4.0, < 2.6.12
  • CVE-2026-45075: Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
    >= 7.4.0, < 7.4.12
  • CVE-2026-45074: Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
    >= 7.1.0, < 7.4.12
  • CVE-2026-45069: Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
    >= 6.3.0, < 6.4.40
  • CVE-2026-45063: Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
    from 0, < 5.4.52
  • CVE-2015-8125: Symfony Vulnerable to Timing Attack
    >= 2.4.0, < 2.6.12