National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2019-10911

Change History

Initial Analysis - 5/17/2019 12:05:18 PM

Action Type Old Value New Value
Changed Reference Type
https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081 No Types Assigned
https://github.com/symfony/symfony/commit/a29ce2817cf43bb1850cf6af114004ac26c7a081 Patch, Third Party Advisory
Changed Reference Type
https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash No Types Assigned
https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash Third Party Advisory
Added CWE
CWE-287
Added CVSS V2
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Added CVSS V3
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CPE Configuration
OR
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 2.7.0 up to (excluding) 2.7.51
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 2.8.0 up to (excluding) 2.8.50
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 3.4.0 up to (excluding) 3.4.26
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 4.1.0 up to (excluding) 4.1.12
     *cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* versions from (including) 4.2.0 up to (excluding) 4.2.7