3 matches found
GHSA-M2WJ-R6G3-FXFX Symfony possible session fixation vulnerability
Description SessionStrategyListener does not always migrate the session after a successful login. It only migrate the session when the logged-in user identifier changes. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token...
Symfony possible session fixation vulnerability
Description SessionStrategyListener does not always migrate the session after a successful login. It only migrate the session when the logged-in user identifier changes. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token...
CVE-2023-46733: Possible session fixation
Affected versions Symfony versions =5.4.21, 5.4.31, and = 6.2.7, 6.3.8 of the Symfony Security HTTP component are affected by this security issue. The issue has been fixed in Symfony 5.4.31, 6.3.8. Description SessionStrategyListener does not always migrate the session after a successful login. I...