GHSA-7FV8-6PP7-6H85 Sulu: Weak Cryptographical usage for API Key generation and Reset Tokens

Impact The password reset tokenand API key generation uses a weak cryptographical hash algorithm. Patches Fixed in 2.6.23 and 3.0.6 version. Workarounds Patch the related User.php and ResettingController.php file in the SecurityBundle...

Use of a Broken or Risky Cryptographic Algorithm

Overview sulu/sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the use of a weak cryptographical hash algorithm in the User.php and...

PT-2026-41793

Name of the Vulnerable Software and Affected Versions Sulu versions prior to 2.6.23 Sulu versions prior to 3.0.6 Description Sulu is an open-source PHP content management system based on the Symfony framework. The generation of API keys and password reset tokens utilizes a weak cryptographical ha...

EUVD-2026-25908

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

Linux Distros Unpatched Vulnerability : CVE-2024-50341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack...

CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

Improper Authorization

symfony/security-bundle is vulnerable to Improper Authorization. The vulnerability is due to the Security::login method not calling the configured userchecker, preventing proper user validation and allowing unauthorized logins...

DEBIAN-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

UBUNTU-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

CVE-2024-50341 Security::login does not take into account custom user_checker in symfony/security-bundle

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

CVE-2024-50341 Security::login does not take into account custom user_checker in symfony/security-bundle

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

Improper Authorization

Overview symfony/security-bundle is a security bundle for Symfony. Affected versions of this package are vulnerable to Improper Authorization in the createFirewall function in SecurityExtension.php, which does not apply userchecker during programmatic login. Remediation Upgrade...

PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2

Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...

CVE-2022-24895: CSRF token fixation

Affected versions Symfony versions =2.0.0, 4.4.50, = 5.0.0, 5.4.20, = 6.0.0, 6.0.20, = 6.1.0, 6.1.12, and = 6.2.0, 6.2.6 of the Symfony Security Bundle are affected by this security issue. The issue has been fixed in Symfony 4.4.50, 5.4.20, 6.0.20, 6.1.12, and 6.2.6. All other versions are not...

Sensio Labs Symfony 授权问题漏洞

Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools that can be used to quickly create complex web programs. An authorization issue vulnerability exists in Symfony...

PT-2021-23229 · Symfony · Symfony/Securitybundle

Name of the Vulnerable Software and Affected Versions: Symfony/SecurityBundle versions 5.3.0 through 5.3.11 Description: The issue arises from the rework of the Remember me cookie in Symfony version 5.3.0, where the cookie is not invalidated when a user changes their password. This allows attacke...

CompTIA Security Certification Prep — Lifetime Access for just $30

At long last, top companies are starting to take cybersecurity seriously. As a consequence, technical recruiters are looking for people with hacking skills and certifications to prove it. CompTIA is seen as the gold standard when it comes to cybersecurity exams, with several certifications to...