GHSA-wvj5-r78r-hhfq

Source

https://github.com/advisories/GHSA-wvj5-r78r-hhfq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wvj5-r78r-hhfq/GHSA-wvj5-r78r-hhfq.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-wvj5-r78r-hhfq

Aliases

CVE-2016-2403

Published

2022-05-14T03:10:21Z

Modified

2024-02-08T19:31:44.050587Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Symfony Authentication Bypass

Details

Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.

Database specific

{
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T18:26:03Z",
    "nvd_published_at": "2017-02-07T17:59:00Z"
}

References

Affected packages

Packagist / symfony/security-core

Package

Name: symfony/security-core
Purl: pkg:composer/symfony/security-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Fixed

2.8.6

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

Packagist / symfony/security-core

Package

Name: symfony/security-core
Purl: pkg:composer/symfony/security-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.6

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

Packagist / symfony/security

Package

Name: symfony/security
Purl: pkg:composer/symfony/security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Fixed

2.8.6

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

Packagist / symfony/security

Package

Name: symfony/security
Purl: pkg:composer/symfony/security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.6

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

Packagist / symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Fixed

2.8.6

Affected versions

v2.*

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

Packagist / symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.6

Affected versions

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5