CVE-2024-50341

CVE-2024-50341 affects Symfony’s security-bundle. The custom user_checker on a firewall wasn’t invoked when logging in programmatically via Security::login, enabling unwanted logins. The issue is addressed in Symfony/security-bundle upgrades: versions 6.4.10, 7.0.10 and 7.1.3 now call the configu...