CVE-2019-10911

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10911
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10911
Aliases
Downstream
Published
2019-05-16T22:29:00.500Z
Modified
2026-02-05T02:05:52.119143Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.

References

Affected packages

Git
github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
9b04d294324d9c76be4b596de4316cb8804e8223
Fixed
91ded4b7776e05ee9633bdc1c458b41c718133e0
Introduced
b73ab73d39dca97a12513e8a9e4f4da4b0676f5f
Fixed
c5bc3922f27c93ab3669428a504212adb801400f

Affected versions

8.*
8.5.0
8.5.1
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6
8.5.7
8.5.8
8.5.9
8.6.0
8.6.1
8.6.10
8.6.11
8.6.12
8.6.13
8.6.14
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.6.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"
github.com/symfony/security-http

Affected ranges

Type
GIT
Repo
https://github.com/symfony/security-http
Events
Introduced
de2f3d51160791ef254010953dbde178fee9845f
Fixed
04969233b866f5b80bda38a51e79463536926a84
Introduced
33c98765dc6fec4907b7431d10e3c0945f061108
Fixed
58e2b17e90640c3bc80dcf0601561c6b54e4869f
Introduced
946668ddc1fa0279fe03e2c090ebc29881f12ddb
Fixed
67f6163f2efe91e586b5a6982294c6e91c70e335
Introduced
a8d5dd00894f8b5e3edb897f4504c51ddc442370
Fixed
7e0b49a8d10e31c0cd0431bbc99b20b6c5be4fb7
Introduced
34e089af7d363bd2ded8ad15f06b2b97348b97e5
Fixed
ff2189e9921e4a88c4f621fa44444fe2b4fb1b11

Affected versions

v2.*
v2.6.10
v2.6.11
v2.7.0
v2.7.1
v2.7.10
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.0-BETA1
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.0.0
v3.0.0-BETA1
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.0-BETA1
v3.1.0-RC1
v3.1.1
v3.1.10
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2.0
v3.2.0-BETA1
v3.2.0-RC1
v3.2.0-RC2
v3.2.1
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0
v3.3.0-BETA1
v3.3.0-RC1
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.0-BETA1
v3.4.0-BETA2
v3.4.0-BETA3
v3.4.0-BETA4
v3.4.0-RC1
v3.4.0-RC2
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"
github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
0a47db379b8cc74cdd84e1e6870fafc4a4ac8351
Fixed
1b89e7baec9891c323bbf1ec81af77d901fc60c9
Introduced
9975b1eca3de4db792a2c3e4e16f676a4aadcd46
Fixed
20f9c87a12a0749ad3a96da256b4d0f95aad4beb
Introduced
5615b92cd452cd54f1433a3f53de87c096a1107f
Fixed
2ef4e09343bdbdee0a7968f58b8ec594ce0aa47d
Introduced
58261043876feb695640457c5675bb331a6eb3b7
Fixed
482d06316077da115e5dac2afd2a7ce9f5f100f7
Introduced
7bd9a1bae87e6b2d7eba499ebf3053ff4bc3a483
Fixed
6122c791d640b75702514c18c8aae816dbbefae2
Fixed
a29ce2817cf43bb1850cf6af114004ac26c7a081

Affected versions

v2.*
v2.3.30
v2.3.31
v2.3.32
v2.3.33
v2.3.34
v2.3.35
v2.3.36
v2.3.37
v2.3.38
v2.3.39
v2.3.40
v2.3.41
v2.3.42
v2.6.10
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.2
v2.7.20
v2.7.21
v2.7.22
v2.7.23
v2.7.24
v2.7.25
v2.7.26
v2.7.27
v2.7.28
v2.7.29
v2.7.3
v2.7.30
v2.7.31
v2.7.32
v2.7.33
v2.7.34
v2.7.35
v2.7.36
v2.7.37
v2.7.38
v2.7.39
v2.7.4
v2.7.40
v2.7.41
v2.7.42
v2.7.43
v2.7.44
v2.7.45
v2.7.46
v2.7.47
v2.7.48
v2.7.49
v2.7.5
v2.7.50
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.0-BETA1
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.15
v2.8.16
v2.8.17
v2.8.18
v2.8.19
v2.8.2
v2.8.20
v2.8.21
v2.8.22
v2.8.23
v2.8.24
v2.8.25
v2.8.26
v2.8.27
v2.8.28
v2.8.29
v2.8.3
v2.8.30
v2.8.31
v2.8.32
v2.8.33
v2.8.34
v2.8.35
v2.8.36
v2.8.37
v2.8.38
v2.8.39
v2.8.4
v2.8.40
v2.8.41
v2.8.42
v2.8.43
v2.8.44
v2.8.45
v2.8.46
v2.8.47
v2.8.48
v2.8.49
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v3.*
v3.3.14
v3.3.15
v3.4.0
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v3.4.18
v3.4.19
v3.4.2
v3.4.20
v3.4.21
v3.4.22
v3.4.23
v3.4.24
v3.4.25
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v4.*
v4.0.0
v4.0.0-BETA1
v4.0.0-BETA2
v4.0.0-BETA3
v4.0.0-BETA4
v4.0.0-RC1
v4.0.0-RC2
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-BETA1
v4.1.0-BETA2
v4.1.0-BETA3
v4.1.1
v4.1.10
v4.1.11
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10911.json"