20 matches found
EUVD-2022-3415
Malicious code in bioql PyPI...
CVE-2013-5750
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
Weak Entropy In Token Generation
friendsofsymfony/user-bundle is vulnerable to Weak Entropy in Token Generation. The vulnerability is due to the imprecise nature of the baseconvert function used in FOSUserBundle, which allows attackers to exploit the weakened randomness of tokens generated for email confirmation and password...
GHSA-8WX3-8M4X-G5H4 FOSUserBundle User Identity Validation Vulnerability
Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their...
FOSUserBundle User Identity Validation Vulnerability
Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their...
FOSUserBundle Session Hijacking Vulnerability
Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks...
GHSA-6MJQ-9X4W-M3W9 FOSUserBundle Session Hijacking Vulnerability
Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks...
FOSUserBundle Entropy is lost in the TokenGenerator
Description: Because of the usage of baseconvert, which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...
GHSA-PJX8-984P-7P3X FOSUserBundle Entropy is lost in the TokenGenerator
Description: Because of the usage of baseconvert, which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...
PT-2024-40131 · Unknown · Fosuserbundle
Name of the Vulnerable Software and Affected Versions: FOSUserBundle versions 1.2.x through 1.2.3 Description: A security issue related to session hijacking has been identified. The estimated number of potentially affected devices is not specified. This issue has been addressed in a newer version...
FriendsOfSymfony FOSUserBundle denial of service via login form
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
GHSA-9MPF-G3FC-9RGV FriendsOfSymfony FOSUserBundle denial of service via login form
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
Denial Of Service (DoS)
FOSUserBundle is vulnerable to denial of service (DoS) attacks. A malicious user can pass a very long password to the application, which results in an expensive hash computation, causing the application to run out of resources and crash...
Security releases (CVE-2013-5958): Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 released
Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 have just been released; they contain a security fix for the Security component (CVE-2013-5958). Note: Even if the end of life of Symfony 2.0 was reached last month, we are also releasing a new versio...
Design/Logic Flaw
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation...
CVE-2013-5750
The CVE concerns the FriendsOfSymfony FOSUserBundle login form (Symfony) prior to 1.3.3. The vulnerability is a denial of service caused by an expensive hash computation triggered by a very long password (PBKDF2), leading to high CPU usage. The connected records confirm the issue and its scope bu...
CVE-2013-5750: Security issue in FOSUserBundle login form
Django recently released a new version of their framework to address a possible DOS attack when an attacker uses a very long password on a login form. One of the best practices for passwords is to store a hash of the password instead of the raw value. In Symfony, the encoders are responsible for...
DOS attack in FOSUserBundle login form
More info at https://symfony.com/cve-2013-5750...