EUVD-2024-3280

Malicious code in bioql PyPI...

DEBIAN-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

UBUNTU-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

Improper Authorization

Overview symfony/security-bundle is a security bundle for Symfony. Affected versions of this package are vulnerable to Improper Authorization in the createFirewall function in SecurityExtension.php, which does not apply userchecker during programmatic login. Remediation Upgrade...

Symfony 授权问题漏洞

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from the fact that a custom userchecker on the firewall is not invoked when logging in programmatically using the Security::log...

Open Redirect

github.com/pomerium/pomerium is vulnerable to open redirect. When using programmatic login, it does not restrict a signed login URL to redirect a victim to the attacker’s site and eventually can cause a JWT leakage...