Lucene search
K

12 matches found

OSV
OSV
added 2026/04/03 3:44 a.m.4 views

GHSA-GHC5-95C2-VWCV Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 3:44 a.m.30 views

Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...

5.9AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/12/17 8:56 p.m.5 views

EUVD-2025-203983

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...

6.5AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 8:56 p.m.7 views

Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...

6.9AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-15582

Malicious code in bioql PyPI...

9.1CVSS6.3AI score0.00467EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-17036

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.0062EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/01 9:21 p.m.8 views

Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/10/01 9:21 p.m.1 views

GHSA-7JP2-5H22-M432 Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import

Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...

3.3CVSS7.1AI score0.00329EPSS
Exploits0References5
OSV
OSV
added 2025/06/06 12:7 a.m.6 views

GHSA-98J6-67V3-MW34 Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability

Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...

9.3CVSS7.1AI score0.0062EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/06/06 12:7 a.m.21 views

Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability

Overview The Auth0 Symfony SDK contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Am I Affected?...

9.3CVSS7.1AI score0.0062EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/05/17 3:6 p.m.25 views

Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

9.1CVSS7.1AI score0.00467EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/05/17 3:6 p.m.7 views

GHSA-9WG9-93H9-J8CH Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions

Overview Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...

9.1CVSS9AI score0.00467EPSS
Exploits0References5
Rows per page
Query Builder