GHSA-6mjq-9x4w-m3w9

Опубликовано: 15 мая 2024

Источник: github

Github: Прошло ревью

Описание

FOSUserBundle Session Hijacking Vulnerability

Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.

Ссылки

https://github.com/FriendsOfSymfony/FOSUserBundle/commit/8e412a70cafd924ad04c7325dae423048861b955
https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-2.yaml
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md

Пакеты

Наименование

friendsofsymfony/user-bundle

composer

Затронутые версииВерсия исправления

>= 1.2.0, < 1.2.4

1.2.4