Description
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Under certain circumstances, it is possible to obtain a valid Zend\Authentication identity without knowing the user's credentials by using a numerically valued credential in DoctrineModule\Authentication\Adapter\ObjectRepository.
References
- https://github.com/doctrine/DoctrineModule/issues/248
- https://github.com/doctrine/DoctrineModule/issues/249
- https://github.com/doctrine/DoctrineModule/commit/78018ef568c52e65a0b17e7bd5a4c90fe6673e84
- https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/doctrine-module/2013-05-16.yaml
Packages
Name: doctrine/doctrine-module (composer)
Affected versions: < 0.7.2
Fixed version: 0.7.2
CVSS3: 6.5 Medium