Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
FOSUserBundle Session Hijacking Vulnerability
Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.
Permalink: https://github.com/advisories/GHSA-6mjq-9x4w-m3w9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 6 months ago
Identifiers: GHSA-6mjq-9x4w-m3w9
References:
- https://github.com/FriendsOfSymfony/FOSUserBundle/commit/8e412a70cafd924ad04c7325dae423048861b955
- https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-2.yaml
- https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md
- https://github.com/advisories/GHSA-6mjq-9x4w-m3w9
Blast Radius: 0.0
Affected Packages
packagist:friendsofsymfony/user-bundle
Dependent packages: 431Dependent repositories: 6,959
Downloads: 32,062,798 total
Affected Version Ranges: >= 1.2.0, < 1.2.4
Fixed in: 1.2.4
All affected versions: 1.2.0, 1.2.1, 1.2.2, 1.2.3
All unaffected versions: 1.1.0, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.4.0, 4.0.0