symfony/security vulnerabilities

licenses detected

MIT
>=0

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the symfony/security package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Information Exposure	>=2.8.0, <3.4.48>=4.0.0, <4.4.23
H Improper Authorization	>=4.4.0, <4.4.7
M Access Control Bypass	>=4.2.0, <4.2.7
M Information Exposure	>=2.7.38, <2.7.50>=2.8.0, <2.8.49>=3.0.0, <3.4.20>=4.0.0, <4.0.15>=4.1.0, <4.1.9>=4.2.0, <4.2.1
M Open Redirect	>=2.7.0, <2.7.50>=2.8.0, <2.8.49>=3.0.0, <3.4.20>=4.0.0, <4.0.15>=4.1.0, <4.1.9
H Session Fixation	<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
H CSRF Token Fixation	<2.7.48>=2.8.0, <2.8.41>=3.0.0, <3.3.17>=3.4.0, <3.4.11>=4.0.0, <4.0.11
C Access Restriction Bypass	<2.8.37>=3.0.0, <3.3.17>=3.4.0, <3.4.7>=4.0.0, <4.0.7
C Access Restriction Bypass	>=2.7.30, <2.7.32>=2.8.23, <2.8.25>=3.2.10, <3.2.12>=3.3.3, <3.3.5
C Access Restriction Bypass	>=3.0.0, <3.0.6>=2.8.0, <2.8.6
H Insecure Randomness	>=2.3.0, <2.3.37>=2.6.0, <2.6.13>=2.4.0, <2.5.0>=2.7.0, <2.7.9>=2.5.0, <2.6.0
M Session Fixation	>=2.3.0, <2.3.35>=2.6.0, <2.6.12>=2.4.0, <2.5.0>=2.7.0, <2.7.7>=2.5.0, <2.6.0
H Timing Attack	>=2.3.0, <2.3.35>=2.6.0, <2.6.12>=2.4.0, <2.5.0>=2.7.0, <2.7.7>=2.5.0, <2.6.0
M Denial of Service (DoS)	>=2.3.0, <2.3.6>=2.1.0, <2.1.13>=2.2.0, <2.2.9>=2, <2.0.25
M Path Disclosure	>=2, <2.0.19