>= 2.7.0, < 2.7.48
>= 2.7.0, < 2.7.48
HIGH 7.6 CVE-2020-5275 Firewall configured with unanimous strategy was not actually unanimous in Symfony
>= 4.4.0, < 4.4.7
HIGH 7.5 Symfony has an Authentication Bypass via RememberMe
>= 5.3.0, < 5.4.47
HIGH 7.5 Symfony Denial of Service Via Overlong Usernames
>= 2.3.0, < 2.3.41
HIGH 7.5 Improper authentication in Symfony
>= 2.7.0, < 2.7.51
MEDIUM 6.8 Authentication granted to all firewalls instead of just one
>= 5.3.0, < 5.3.2
MEDIUM 6.5 Symfony possible session fixation vulnerability
>= 5.4.21, < 5.4.31
MEDIUM 6.1 Symfony Open Redirect
>= 2.7.0, < 2.7.38
MEDIUM 6.1 Symfony Open Redirect
>= 2.7.38, < 2.7.50
MEDIUM 5.3 Prevent user enumeration using Guard or the new Authenticator-based Security
>= 5.1.0, < 5.2.8
MEDIUM 5.3 User enumeration leak using switch user functionality in Symfony
>= 4.1.0, < 4.2.12
LOW 3.1 Symfony Session Fixation Vulnerability
>= 2.4.0, < 2.6.12
— Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
>= 7.4.0, < 7.4.12
— Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay
>= 7.1.0, < 7.4.12
— Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims
>= 6.3.0, < 6.4.40
— Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes
from 0, < 5.4.53
— Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authenticator
from 0, < 5.4.52
— Symfony Vulnerable to Timing Attack
>= 2.4.0, < 2.6.12