CVE-2019-10911

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10911
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10911
Aliases
Downstream
Published
2019-05-16T22:29:00.500Z
Modified
2026-03-03T01:12:40.614208Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.

References

Affected packages

Git
github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
9b04d294324d9c76be4b596de4316cb8804e8223
Fixed
91ded4b7776e05ee9633bdc1c458b41c718133e0
Introduced
b73ab73d39dca97a12513e8a9e4f4da4b0676f5f
Fixed
c5bc3922f27c93ab3669428a504212adb801400f

Affected versions

8.*
8.5.0
8.5.1
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.7
8.5.8
8.5.9
8.6.0
8.6.1
8.6.10
8.6.11
8.6.12
8.6.13
8.6.14
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.6.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"
github.com/symfony/security-http

Affected ranges

Type
GIT
Repo
https://github.com/symfony/security-http
Events
Introduced
33c98765dc6fec4907b7431d10e3c0945f061108
Fixed
58e2b17e90640c3bc80dcf0601561c6b54e4869f
Introduced
34e089af7d363bd2ded8ad15f06b2b97348b97e5
Fixed
ff2189e9921e4a88c4f621fa44444fe2b4fb1b11
Introduced
946668ddc1fa0279fe03e2c090ebc29881f12ddb
Fixed
67f6163f2efe91e586b5a6982294c6e91c70e335
Introduced
a8d5dd00894f8b5e3edb897f4504c51ddc442370
Fixed
7e0b49a8d10e31c0cd0431bbc99b20b6c5be4fb7
Introduced
de2f3d51160791ef254010953dbde178fee9845f
Fixed
04969233b866f5b80bda38a51e79463536926a84

Affected versions

v2.*
v2.6.10
v2.6.11
v2.7.0
v2.7.1
v2.7.10
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.3.15
v3.3.16
v3.4.0
v3.4.0-RC1
v3.4.0-RC2
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"
github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a29ce2817cf43bb1850cf6af114004ac26c7a081
Introduced
0a47db379b8cc74cdd84e1e6870fafc4a4ac8351
Fixed
1b89e7baec9891c323bbf1ec81af77d901fc60c9
Introduced
5615b92cd452cd54f1433a3f53de87c096a1107f
Fixed
2ef4e09343bdbdee0a7968f58b8ec594ce0aa47d
Introduced
58261043876feb695640457c5675bb331a6eb3b7
Fixed
482d06316077da115e5dac2afd2a7ce9f5f100f7
Introduced
7bd9a1bae87e6b2d7eba499ebf3053ff4bc3a483
Fixed
6122c791d640b75702514c18c8aae816dbbefae2
Introduced
9975b1eca3de4db792a2c3e4e16f676a4aadcd46
Fixed
20f9c87a12a0749ad3a96da256b4d0f95aad4beb

Affected versions

v2.*
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.6.10
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.3.14
v3.3.15
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"