PT-2021-23229 · Symfony · Symfony/Securitybundle
Name of the Vulnerable Software and Affected Versions: Symfony/SecurityBundle versions 5.3.0 through 5.3.11 Description: The issue arises from the rework of the Remember me cookie in Symfony version 5.3.0, where the cookie is not invalidated when a user changes their password. This allows attacke...