symfony/security-http Security Advisories for v4.1.0-BETA2 (3)
-
[MEDIUM] CVE-2019-18886: Prevent user enumeration using switch user functionality
PKSA-96vf-z7pm-9yfb CVE-2019-18886 GHSA-4vpc-5jx4-cfqg
Affected version: >=4.1.0,<4.2.0|>=4.2.0,<4.2.12|>=4.3.0,<4.3.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2019-10911: Add a separator in the remember me cookie hash
PKSA-q3pf-cxf3-f7xy CVE-2019-10911 GHSA-cchx-mfrc-fwqr
Affected version: >=2.7.0,<2.7.51|>=2.8.0,<2.8.50|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.26|>=4.0.0,<4.1.0|>=4.1.0,<4.1.12|>=4.2.0,<4.2.7
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2018-19790: Open Redirect Vulnerability on login
PKSA-n31d-7jn4-qfx5 CVE-2018-19790 GHSA-89r2-5g34-2g47
Affected version: >=2.7.38,<2.7.50|>=2.8.0,<2.8.49|>=3.0.0,<3.1.0|>=3.1.0,<3.2.0|>=3.2.0,<3.3.0|>=3.3.0,<3.4.0|>=3.4.0,<3.4.20|>=4.0.0,<4.0.15|>=4.1.0,<4.1.9|>=4.2.0,<4.2.1
Reported by:
GitHub, FriendsOfPHP/security-advisories