Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers of a response, so a stored header can potentially be returned to other clients afterwards, which would allow an attacker to retrieve the victim’s session.
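The behaviour described above, as an added example that is not Symfony's code or its patch: a simplified shared cache store that writes every response header, next to a variant that drops Set-Cookie before writing. The class ToyCacheStore, its $privateHeaders parameter and the sample response are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of a shared HTTP cache store; NOT Symfony's Store.php.
final class ToyCacheStore
{
    private array $entries = [];

    // $privateHeaders (hypothetical name): response headers never written to the cache.
    public function __construct(private array $privateHeaders = [])
    {
        $this->privateHeaders = array_map('strtolower', $privateHeaders);
    }

    public function write(string $url, array $headers, string $body): void
    {
        $stored = [];
        foreach ($headers as $name => $value) {
            // Header names are case-insensitive, so compare in lower case.
            if (in_array(strtolower($name), $this->privateHeaders, true)) {
                continue; // per-client header: keep it out of the shared entry
            }
            $stored[$name] = $value;
        }
        $this->entries[$url] = ['headers' => $stored, 'body' => $body];
    }

    public function lookup(string $url): ?array
    {
        return $this->entries[$url] ?? null;
    }
}

// Constructed sample: a cacheable response on which the backend also set a session cookie.
$response = [
    'Cache-Control' => 'public, max-age=60',
    'Set-Cookie'    => 'PHPSESSID=constructed-sample-value; path=/',
];

$stores = [
    'stores all headers' => new ToyCacheStore(),               // behaviour the advisory describes
    'strips Set-Cookie'  => new ToyCacheStore(['Set-Cookie']), // hardened variant
];
foreach ($stores as $label => $store) {
    $store->write('/home', $response, '<html>home</html>'); // first client populates the cache
    $hit = $store->lookup('/home');                          // a different client is served the entry
    printf("%-20s second client receives Set-Cookie: %s\n", $label, isset($hit['headers']['Set-Cookie']) ? 'yes' : 'no');
}
```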
github.com/advisories/GHSA-h7vf-5wrv-9fhv
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-kernel/CVE-2022-24894.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2022-24894.yaml
github.com/symfony/http-kernel/commit/f7822a7c63681e6ad4cadb8f8c2943c9bc2d3e9a
github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
lists.debian.org/debian-lts-announce/2023/07/msg00014.html
symfony.com/blog/cve-2022-24894-prevent-storing-cookie-headers-in-httpcache