Description
symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when logging in programmatically with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3, the `Security::login` method ensures that the configured `user_checker` is called. All users are advised to upgrade. There are no known workarounds for this vulnerability.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 6.4.10+dfsg-1ubuntu1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | released | 6.4.5+dfsg-3ubuntu3+esm1 |
| esm-apps/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | needed | |
| oracular | not-affected | 6.4.10+dfsg-1ubuntu1 |
CVSS3: 3.1 Low
Related vulnerabilities
symfony/security-bundle is a module for the Symfony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when logging in programmatically with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3, the `Security::login` method ensures that the configured `user_checker` is called. All users are advised to upgrade. There are no known workarounds for this vulnerability.
symfony/security-bundle is a module for the Symfony PHP framework whi ...
Symfony's `Security::login` does not take into account custom `user_checker`