Headline

GHSA-6mjq-9x4w-m3w9: FOSUserBundle Session Hijacking Vulnerability

Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.

8 months ago

ghsa

Open in Source

#vulnerability #git

Navigation Menu

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
GHSA-6mjq-9x4w-m3w9

FOSUserBundle Session Hijacking Vulnerability

High severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

composer friendsofsymfony/user-bundle (Composer)

Affected versions

>= 1.2.0, < 1.2.4

Description

Published to the GitHub Advisory Database

May 15, 2024

Last updated

May 15, 2024

ghsa: Latest News

GHSA-7pq5-qcp6-mcww: CKAN has an XSS vector in user uploaded images in group/org and user profiles

1 hour ago

ghsa

GHSA-w3pj-wh35-fq8w: GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

3 hours ago

ghsa

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

21 hours ago

ghsa

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

21 hours ago

ghsa

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

1 day ago

ghsa