12 matches found
GHSA-GHC5-95C2-VWCV Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...
Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...
EUVD-2025-203983
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
EUVD-2025-15582
Malicious code in bioql PyPI...
EUVD-2025-17036
Malicious code in bioql PyPI...
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
GHSA-7JP2-5H22-M432 Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...
GHSA-98J6-67V3-MW34 Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability
Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
GHSA-9WG9-93H9-J8CH Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...