CVE-2024-50341

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-50341
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50341.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50341
Aliases
Downstream
Published
2024-11-06T21:06:49.426Z
Modified
2026-05-18T05:59:02.142220904Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Security::login does not take into account custom user_checker in symfony/security-bundle
Details

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user_checker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the Security::login method now ensure to call the configured user_checker. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50341.json",
    "cwe_ids": [
        "CWE-287"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/symfony/symfony

Affected ranges

Type
GIT
Repo
https://github.com/symfony/symfony
Events
Introduced
08964d6da4787cd5f19e60f8aaf41ffd26d6c8c3
Fixed
60ccc390f438c3a11b601d385b77c6f2431ffc5d

Affected versions

v7.*
v7.1.0
v7.1.1
v7.1.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50341.json"