GHSA-H4FW-6R7F-W494 Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy
Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...