8 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the...
Debian dla-3493 : php-symfony - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3493-1 [email protected]...
[SECURITY] [DLA 3493-1] symfony security update
Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE ID : CVE-2021-21424 CVE-2022-24894 CVE-2022-24895 Multiple security vulnerabilities were...
Fedora 37 : php-symfony4 (2023-74b702f058)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-74b702f058 advisory. Version 4.4.50 2023-02-01 security cve-2022-24895 Security/Http Remove CSRF tokens from storage on successful login nicolas-grekas security...
Fedora: Security Advisory for php-symfony4 (FEDORA-2023-aecde14648)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Symfony Multiple Vulnerabilities (GHSA-h7vf-5wrv-9fhv, GHSA-3gv2-29qc-v67m)
Symfony is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-24895
Summary of CVE-2022-24895 : Symfony’s authentication flow regenerates the session ID on login but does not clear CSRF tokens, allowing a potential session-fixation–style attack that could bypass CSRF protection. This is described as a vulnerability in Symfony’s session handling and CSRF-token cle...
CVE-2022-24895: Possible CSRF token fixation
More info at https://symfony.com/cve-2022-24895...