Package impact
Packagist / symfony/security-http
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8124 | medium | — | 6.8 | 11y ago | Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… | |||
| CVE-2026-45069 | medium | — | 5.5 | 9d ago | Symfony's OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims | |||
| CVE-2026-45074 | medium | — | 5.5 | 9d ago | Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay | |||
| CVE-2026-45075 | medium | — | 5.5 | 9d ago | Synfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid] |