symfony/security-http Security Advisories for v6.0.20 (2)
- [HIGH] CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
PKSA-rqvm-b18n-vg69 CVE-2024-51996 GHSA-cg23-qf8f-62rr
Affected version: >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2023-46733: Possible session fixation
PKSA-5x8m-77gx-t86z CVE-2023-46733 GHSA-m2wj-r6g3-fxfx
Affected version: >=5.4.0,<5.4.31|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.3.8
Reported by: GitHub, FriendsOfPHP/security-advisories