Lucene search
GoogleOSV:CVE-2020-5275HistoryMar 30, 2020 - 8:15 p.m.
CVE-2020-5275
2020-03-3020:15:19
Google
osv.dev
5
In symfony/security-http before versions 4.4.7 and 5.0.7, when a Firewall checks access control rule, it iterate overs each rule’s attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7.
Related
prion
prion
Improper access control
2020-03-30 20:15:00
osv
osv
Firewall configured with unanimous strategy was not actually unanimous in Symfony
2020-03-30 20:09:44
BIT-symfony-2020-5275
2024-03-06 11:08:26
friendsofphp
friendsofphp
ubuntucve
ubuntucve
CVE-2020-5275
2020-03-30 00:00:00
debiancve
debiancve
CVE-2020-5275
2020-03-30 20:15:19
cvelist
cvelist
nvd
nvd
CVE-2020-5275
2020-03-30 20:15:19
cve
cve
CVE-2020-5275
2020-03-30 20:15:19
symfony
symfony
github
github
openvas
openvas
Symfony 4.4.x < 4.4.7, 5.0.x < 5.0.7 Multiple Vulnerabilities
2020-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: php-symfony4-4.4.7-1.fc32
2020-04-09 14:45:39