Session Fixation Affecting symfony/symfony package, versions >=2.3.0, <2.3.35>=2.6.0, <2.6.12>=2.4.0, <2.5.0>=2.7.0, <2.7.7>=2.5.0, <2.6.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
1.54% (87th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-SYMFONYSYMFONY-70218
  • published23 Nov 2015
  • disclosed23 Nov 2015
  • creditUnknown

Introduced: 23 Nov 2015

CVE-2015-8124  (opens in a new tab)
CWE-384  (opens in a new tab)

How to fix?

Upgrade symfony/symfony to version 2.3.35, 2.6.12, 2.5.0, 2.7.7, 2.6.0 or higher.

Overview

Affected versions of symfony/symfony are vulnerable to Session Fixation.

CVSS Scores

version 3.1