CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

DEBIAN-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

UBUNTU-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

CVE-2024-50341

CVE-2024-50341 affects Symfony’s security-bundle. The custom user_checker on a firewall wasn’t invoked when logging in programmatically via Security::login, enabling unwanted logins. The issue is addressed in Symfony/security-bundle upgrades: versions 6.4.10, 7.0.10 and 7.1.3 now call the configu...

Improper Authorization

Overview symfony/security-bundle is a security bundle for Symfony. Affected versions of this package are vulnerable to Improper Authorization in the createFirewall function in SecurityExtension.php, which does not apply userchecker during programmatic login. Remediation Upgrade...

PT-2024-34151 · Symfony +2 · Symfony/Securitybundle +2

Name of the Vulnerable Software and Affected Versions: symfony/security-bundle versions prior to 6.4.10 symfony/security-bundle versions prior to 7.0.10 symfony/security-bundle versions prior to 7.1.3 Description: The custom user checker defined on a firewall is not called when logging in...

Symfony 授权问题漏洞

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony that stems from the fact that a custom userchecker on the firewall is not invoked when logging in programmatically using the Security::log...

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...