Symfony is vulnerable to Session Fixation. The vulnerability exists due to a lack of validation in security.xml, which allows an attacker to gain unauthorized access to an account.
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2022-24895.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24895.yaml
github.com/symfony/security-bundle/commit/076fd2088ada33d760758d98ff07ddedbf567946
github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
lists.debian.org/debian-lts-announce/2023/07/msg00014.html
symfony.com/blog/cve-2022-24895-csrf-token-fixation