Fluid Attacks Database

Description

Withdrawn Advisory: Symfony http-security has authentication bypass

Withdrawn Advisory

This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046.

Original Description

In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	symfony	=4.4.19+dfsg-2 \|\| =4.4.19+dfsg-2+deb11u1 \|\| =4.4.19+dfsg-2+deb11u2 \|\| =4.4.19+dfsg-2+deb11u3 \|\| =4.4.19+dfsg-2+deb11u4 \|\| =4.4.19+dfsg-2+deb11u5 \|\| =4.4.19+dfsg-2+deb11u6 \|\| =4.4.19+dfsg-2+deb11u7 \|\| =4.4.19+dfsg-3 \|\| =5.0.0~beta2-1 \|\| =5.0.2-1 \|\| =5.0.4-1 \|\| =5.2.1+dfsg-1 \|\| =5.2.2+dfsg-1 \|\| =5.2.3+dfsg-1 \|\| =5.2.4+dfsg-1 \|\| =5.2.5+dfsg-1 \|\| =5.2.6+dfsg-1 \|\| =5.3.10+dfsg-1 \|\| =5.3.12+dfsg-1 \|\| =5.3.12+dfsg-2 \|\| =5.3.9+dfsg-1 \|\| =5.4.0+dfsg-1 \|\| =5.4.0+dfsg-2 \|\| =5.4.0~beta1+dfsg-1 \|\| =5.4.0~beta2+dfsg-1 \|\| =5.4.0~beta3+dfsg-1 \|\| =5.4.0~rc1+dfsg-1 \|\| =5.4.0~rc1+dfsg-2 \|\| =5.4.0~rc1+dfsg-3 \|\| =5.4.1+dfsg-1 \|\| =5.4.10+dfsg-1 \|\| =5.4.11+dfsg-1 \|\| =5.4.11+dfsg-2 \|\| =5.4.12+dfsg-1 \|\| =5.4.12+dfsg-2 \|\| =5.4.13+dfsg-1 \|\| =5.4.14+dfsg-1 \|\| =5.4.15+dfsg-1 \|\| =5.4.16+dfsg-1 \|\| =5.4.18+dfsg-1 \|\| =5.4.18+dfsg-2 \|\| =5.4.18+dfsg-3 \|\| =5.4.19+dfsg-1 \|\| =5.4.2+dfsg-1 \|\| =5.4.2+dfsg-2 \|\| =5.4.2+dfsg-3 \|\| =5.4.20+dfsg-1 \|\| =5.4.21+dfsg-1 \|\| =5.4.22+dfsg-1 \|\| =5.4.22+dfsg-2 \|\| =5.4.22+dfsg-3 \|\| =5.4.23+dfsg-1 \|\| =5.4.24+dfsg-1 \|\| =5.4.25+dfsg-1 \|\| =5.4.27+dfsg-1 \|\| =5.4.28+dfsg-1 \|\| =5.4.29+dfsg-1 \|\| =5.4.30+dfsg-1 \|\| =5.4.31+dfsg-1 \|\| =5.4.31+dfsg-2 \|\| =5.4.32+dfsg-1 \|\| =5.4.33+dfsg-1 \|\| =5.4.34+dfsg-1 \|\| =5.4.34+dfsg-2 \|\| =5.4.35+dfsg-1 \|\| =5.4.35+dfsg-2 \|\| =5.4.35+dfsg-3 \|\| =5.4.4+dfsg-1 \|\| =5.4.6+dfsg-1 \|\| =5.4.8+dfsg-1 \|\| =5.4.9+dfsg-1 \|\| =5.4.9+dfsg-2 \|\| =6.3.0+dfsg-1 \|\| =6.3.0~rc1+dfsg-1 \|\| =6.3.0~rc2+dfsg-1 \|\| =6.3.1+dfsg-1 \|\| =6.3.3+dfsg-1 \|\| =6.3.4+dfsg-1 \|\| =6.3.5+dfsg-1 \|\| =6.3.6+dfsg-1 \|\| =6.3.7+dfsg-1 \|\| =6.4.0+dfsg-1 \|\| =6.4.0~beta2+dfsg-1 \|\| =6.4.0~beta3+dfsg-1 \|\| =6.4.0~rc1+dfsg-1 \|\| =6.4.0~rc2+dfsg-1 \|\| =6.4.1+dfsg-1 \|\| =6.4.10+dfsg-1 \|\| =6.4.11+dfsg-1 \|\| =6.4.12+dfsg-1 \|\| =6.4.13+dfsg-1 \|\| =6.4.14+dfsg-1 \|\| =6.4.15+dfsg-1 \|\| =6.4.16+dfsg-1 \|\| =6.4.16+dfsg-2 \|\| =6.4.17+dfsg-1 \|\| =6.4.17+dfsg-2 \|\| =6.4.17+dfsg-3 \|\| =6.4.17+dfsg-4 \|\| =6.4.17+dfsg-5 \|\| =6.4.17+dfsg-6 \|\| =6.4.18+dfsg-1 \|\| =6.4.19+dfsg-1 \|\| =6.4.19+dfsg-2 \|\| =6.4.2+dfsg-1 \|\| =6.4.20+dfsg-1 \|\| =6.4.20+dfsg-2 \|\| =6.4.21+dfsg-1 \|\| =6.4.21+dfsg-2 \|\| =6.4.24+dfsg-1 \|\| =6.4.25+dfsg-1 \|\| =6.4.3+dfsg-1 \|\| =6.4.4+dfsg-1 \|\| =6.4.4+dfsg-2 \|\| =6.4.4+dfsg-3 \|\| =6.4.4+dfsg-4 \|\| =6.4.5+dfsg-1 \|\| =6.4.5+dfsg-2 \|\| =6.4.5+dfsg-3 \|\| =6.4.5+dfsg-4 \|\| =6.4.6+dfsg-1 \|\| =6.4.7+dfsg-1 \|\| =6.4.9+dfsg-1 \|\| =7.0.4+dfsg-1 \|\| =7.0.5+dfsg-1 \|\| =7.0.6+dfsg-1 \|\| =7.0.7+dfsg-1 \|\| =7.1.0~beta1+dfsg-1 \|\| =7.1.0~rc1+dfsg-1 \|\| =7.1.2+dfsg-1 \|\| =7.1.3+dfsg-1 \|\| =7.1.4+dfsg-1 \|\| =7.1.5+dfsg-1 \|\| =7.2.0~beta1+dfsg-1 \|\| =7.2.0~beta2+dfsg-1 \|\| =7.2.0~rc1+dfsg-1 \|\| =7.2.1+dfsg-1 \|\| =7.2.2+dfsg-1 \|\| =7.2.3+dfsg-1 \|\| =7.2.4+dfsg-1 \|\| =7.2.5+dfsg-1 \|\| =7.2.6-1 \|\| =7.3.0+dfsg-1 \|\| =7.3.0~beta1+dfsg-1 \|\| =7.3.0~beta2+dfsg-1 \|\| =7.3.0~rc1+dfsg-1 \|\| =7.3.1+dfsg-1 \|\| =7.3.2+dfsg-1 \|\| =7.3.3+dfsg-1 \|\| =7.3.4+dfsg-1 \|\| =7.3.5-1 \|\| =7.4.0+dfsg-1 \|\| =7.4.0+dfsg-2 \|\| =7.4.0~beta1-1 \|\| =7.4.0~beta1-2 \|\| =7.4.0~beta2+dfsg-1 \|\| =7.4.0~beta2+dfsg-2 \|\| =7.4.0~beta2+dfsg-3 \|\| =7.4.0~rc1+dfsg-1 \|\| =7.4.0~rc2+dfsg-1 \|\| =7.4.0~rc3+dfsg-1 \|\| =7.4.10+dfsg-1 \|\| =7.4.12+dfsg-1 \|\| =7.4.13+dfsg-1 \|\| =7.4.2+dfsg-1 \|\| =7.4.2+dfsg-2 \|\| =7.4.3+dfsg-1 \|\| =7.4.4+dfsg-1 \|\| =7.4.5+dfsg-1 \|\| =7.4.6+dfsg-1 \|\| =7.4.6+dfsg-2 \|\| =7.4.7+dfsg-1 \|\| =7.4.8+dfsg-1 \|\| =7.4.9+dfsg-1 \|\| =8.0.0+dfsg-1 \|\| =8.0.0~beta2+dfsg-1 \|\| =8.0.0~beta2+dfsg-2 \|\| =8.0.0~rc1+dfsg-1 \|\| =8.0.0~rc2+dfsg-1 \|\| =8.0.0~rc3+dfsg-1 \|\| =8.0.10-1 \|\| =8.0.11+dfsg-1 \|\| =8.0.12+dfsg-1 \|\| =8.0.13+dfsg-1 \|\| =8.0.2+dfsg-1 \|\| =8.0.3+dfsg-1 \|\| =8.0.4+dfsg-1 \|\| =8.0.5+dfsg-1 \|\| =8.0.6+dfsg-1 \|\| =8.0.7+dfsg-1 \|\| =8.0.8+dfsg-1 \|\| =8.0.9+dfsg-1	-
debian 12	symfony	=5.4.23+dfsg-1 \|\| =5.4.23+dfsg-1+deb12u1 \|\| =5.4.23+dfsg-1+deb12u2 \|\| =5.4.23+dfsg-1+deb12u3 \|\| =5.4.23+dfsg-1+deb12u4 \|\| =5.4.23+dfsg-1+deb12u5 \|\| =5.4.24+dfsg-1 \|\| =5.4.25+dfsg-1 \|\| =5.4.27+dfsg-1 \|\| =5.4.28+dfsg-1 \|\| =5.4.29+dfsg-1 \|\| =5.4.30+dfsg-1 \|\| =5.4.31+dfsg-1 \|\| =5.4.31+dfsg-2 \|\| =5.4.32+dfsg-1 \|\| =5.4.33+dfsg-1 \|\| =5.4.34+dfsg-1 \|\| =5.4.34+dfsg-2 \|\| =5.4.35+dfsg-1 \|\| =5.4.35+dfsg-2 \|\| =5.4.35+dfsg-3 \|\| =6.3.0+dfsg-1 \|\| =6.3.0~rc1+dfsg-1 \|\| =6.3.0~rc2+dfsg-1 \|\| =6.3.1+dfsg-1 \|\| =6.3.3+dfsg-1 \|\| =6.3.4+dfsg-1 \|\| =6.3.5+dfsg-1 \|\| =6.3.6+dfsg-1 \|\| =6.3.7+dfsg-1 \|\| =6.4.0+dfsg-1 \|\| =6.4.0~beta2+dfsg-1 \|\| =6.4.0~beta3+dfsg-1 \|\| =6.4.0~rc1+dfsg-1 \|\| =6.4.0~rc2+dfsg-1 \|\| =6.4.1+dfsg-1 \|\| =6.4.10+dfsg-1 \|\| =6.4.11+dfsg-1 \|\| =6.4.12+dfsg-1 \|\| =6.4.13+dfsg-1 \|\| =6.4.14+dfsg-1 \|\| =6.4.15+dfsg-1 \|\| =6.4.16+dfsg-1 \|\| =6.4.16+dfsg-2 \|\| =6.4.17+dfsg-1 \|\| =6.4.17+dfsg-2 \|\| =6.4.17+dfsg-3 \|\| =6.4.17+dfsg-4 \|\| =6.4.17+dfsg-5 \|\| =6.4.17+dfsg-6 \|\| =6.4.18+dfsg-1 \|\| =6.4.19+dfsg-1 \|\| =6.4.19+dfsg-2 \|\| =6.4.2+dfsg-1 \|\| =6.4.20+dfsg-1 \|\| =6.4.20+dfsg-2 \|\| =6.4.21+dfsg-1 \|\| =6.4.21+dfsg-2 \|\| =6.4.24+dfsg-1 \|\| =6.4.25+dfsg-1 \|\| =6.4.3+dfsg-1 \|\| =6.4.4+dfsg-1 \|\| =6.4.4+dfsg-2 \|\| =6.4.4+dfsg-3 \|\| =6.4.4+dfsg-4 \|\| =6.4.5+dfsg-1 \|\| =6.4.5+dfsg-2 \|\| =6.4.5+dfsg-3 \|\| =6.4.5+dfsg-4 \|\| =6.4.6+dfsg-1 \|\| =6.4.7+dfsg-1 \|\| =6.4.9+dfsg-1 \|\| =7.0.4+dfsg-1 \|\| =7.0.5+dfsg-1 \|\| =7.0.6+dfsg-1 \|\| =7.0.7+dfsg-1 \|\| =7.1.0~beta1+dfsg-1 \|\| =7.1.0~rc1+dfsg-1 \|\| =7.1.2+dfsg-1 \|\| =7.1.3+dfsg-1 \|\| =7.1.4+dfsg-1 \|\| =7.1.5+dfsg-1 \|\| =7.2.0~beta1+dfsg-1 \|\| =7.2.0~beta2+dfsg-1 \|\| =7.2.0~rc1+dfsg-1 \|\| =7.2.1+dfsg-1 \|\| =7.2.2+dfsg-1 \|\| =7.2.3+dfsg-1 \|\| =7.2.4+dfsg-1 \|\| =7.2.5+dfsg-1 \|\| =7.2.6-1 \|\| =7.3.0+dfsg-1 \|\| =7.3.0~beta1+dfsg-1 \|\| =7.3.0~beta2+dfsg-1 \|\| =7.3.0~rc1+dfsg-1 \|\| =7.3.1+dfsg-1 \|\| =7.3.2+dfsg-1 \|\| =7.3.3+dfsg-1 \|\| =7.3.4+dfsg-1 \|\| =7.3.5-1 \|\| =7.4.0+dfsg-1 \|\| =7.4.0+dfsg-2 \|\| =7.4.0~beta1-1 \|\| =7.4.0~beta1-2 \|\| =7.4.0~beta2+dfsg-1 \|\| =7.4.0~beta2+dfsg-2 \|\| =7.4.0~beta2+dfsg-3 \|\| =7.4.0~rc1+dfsg-1 \|\| =7.4.0~rc2+dfsg-1 \|\| =7.4.0~rc3+dfsg-1 \|\| =7.4.10+dfsg-1 \|\| =7.4.12+dfsg-1 \|\| =7.4.13+dfsg-1 \|\| =7.4.2+dfsg-1 \|\| =7.4.2+dfsg-2 \|\| =7.4.3+dfsg-1 \|\| =7.4.4+dfsg-1 \|\| =7.4.5+dfsg-1 \|\| =7.4.6+dfsg-1 \|\| =7.4.6+dfsg-2 \|\| =7.4.7+dfsg-1 \|\| =7.4.8+dfsg-1 \|\| =7.4.9+dfsg-1 \|\| =8.0.0+dfsg-1 \|\| =8.0.0~beta2+dfsg-1 \|\| =8.0.0~beta2+dfsg-2 \|\| =8.0.0~rc1+dfsg-1 \|\| =8.0.0~rc2+dfsg-1 \|\| =8.0.0~rc3+dfsg-1 \|\| =8.0.10-1 \|\| =8.0.11+dfsg-1 \|\| =8.0.12+dfsg-1 \|\| =8.0.13+dfsg-1 \|\| =8.0.2+dfsg-1 \|\| =8.0.3+dfsg-1 \|\| =8.0.4+dfsg-1 \|\| =8.0.5+dfsg-1 \|\| =8.0.6+dfsg-1 \|\| =8.0.7+dfsg-1 \|\| =8.0.8+dfsg-1 \|\| =8.0.9+dfsg-1	-
debian 13	symfony	=6.4.21+dfsg-2 \|\| =6.4.21+dfsg-2+deb13u1 \|\| =6.4.24+dfsg-1 \|\| =6.4.25+dfsg-1 \|\| =6.4.40+dfsg-0+deb13u1 \|\| =6.4.41+dfsg-0+deb13u1 \|\| =7.0.4+dfsg-1 \|\| =7.0.5+dfsg-1 \|\| =7.0.6+dfsg-1 \|\| =7.0.7+dfsg-1 \|\| =7.1.0~beta1+dfsg-1 \|\| =7.1.0~rc1+dfsg-1 \|\| =7.1.2+dfsg-1 \|\| =7.1.3+dfsg-1 \|\| =7.1.4+dfsg-1 \|\| =7.1.5+dfsg-1 \|\| =7.2.0~beta1+dfsg-1 \|\| =7.2.0~beta2+dfsg-1 \|\| =7.2.0~rc1+dfsg-1 \|\| =7.2.1+dfsg-1 \|\| =7.2.2+dfsg-1 \|\| =7.2.3+dfsg-1 \|\| =7.2.4+dfsg-1 \|\| =7.2.5+dfsg-1 \|\| =7.2.6-1 \|\| =7.3.0+dfsg-1 \|\| =7.3.0~beta1+dfsg-1 \|\| =7.3.0~beta2+dfsg-1 \|\| =7.3.0~rc1+dfsg-1 \|\| =7.3.1+dfsg-1 \|\| =7.3.2+dfsg-1 \|\| =7.3.3+dfsg-1 \|\| =7.3.4+dfsg-1 \|\| =7.3.5-1 \|\| =7.4.0+dfsg-1 \|\| =7.4.0+dfsg-2 \|\| =7.4.0~beta1-1 \|\| =7.4.0~beta1-2 \|\| =7.4.0~beta2+dfsg-1 \|\| =7.4.0~beta2+dfsg-2 \|\| =7.4.0~beta2+dfsg-3 \|\| =7.4.0~rc1+dfsg-1 \|\| =7.4.0~rc2+dfsg-1 \|\| =7.4.0~rc3+dfsg-1 \|\| =7.4.10+dfsg-1 \|\| =7.4.12+dfsg-1 \|\| =7.4.13+dfsg-1 \|\| =7.4.2+dfsg-1 \|\| =7.4.2+dfsg-2 \|\| =7.4.3+dfsg-1 \|\| =7.4.4+dfsg-1 \|\| =7.4.5+dfsg-1 \|\| =7.4.6+dfsg-1 \|\| =7.4.6+dfsg-2 \|\| =7.4.7+dfsg-1 \|\| =7.4.8+dfsg-1 \|\| =7.4.9+dfsg-1 \|\| =8.0.0+dfsg-1 \|\| =8.0.0~beta2+dfsg-1 \|\| =8.0.0~beta2+dfsg-2 \|\| =8.0.0~rc1+dfsg-1 \|\| =8.0.0~rc2+dfsg-1 \|\| =8.0.0~rc3+dfsg-1 \|\| =8.0.10-1 \|\| =8.0.11+dfsg-1 \|\| =8.0.12+dfsg-1 \|\| =8.0.13+dfsg-1 \|\| =8.0.2+dfsg-1 \|\| =8.0.3+dfsg-1 \|\| =8.0.4+dfsg-1 \|\| =8.0.5+dfsg-1 \|\| =8.0.6+dfsg-1 \|\| =8.0.7+dfsg-1 \|\| =8.0.8+dfsg-1 \|\| =8.0.9+dfsg-1	-
packagist	symfony/security-http	<0	7.1.0
debian 14	symfony	=6.4.21+dfsg-2 \|\| =6.4.24+dfsg-1 \|\| =6.4.25+dfsg-1 \|\| =7.0.4+dfsg-1 \|\| =7.0.5+dfsg-1 \|\| =7.0.6+dfsg-1 \|\| =7.0.7+dfsg-1 \|\| =7.1.0~beta1+dfsg-1 \|\| =7.1.0~rc1+dfsg-1 \|\| =7.1.2+dfsg-1 \|\| =7.1.3+dfsg-1 \|\| =7.1.4+dfsg-1 \|\| =7.1.5+dfsg-1 \|\| =7.2.0~beta1+dfsg-1 \|\| =7.2.0~beta2+dfsg-1 \|\| =7.2.0~rc1+dfsg-1 \|\| =7.2.1+dfsg-1 \|\| =7.2.2+dfsg-1 \|\| =7.2.3+dfsg-1 \|\| =7.2.4+dfsg-1 \|\| =7.2.5+dfsg-1 \|\| =7.2.6-1 \|\| =7.3.0+dfsg-1 \|\| =7.3.0~beta1+dfsg-1 \|\| =7.3.0~beta2+dfsg-1 \|\| =7.3.0~rc1+dfsg-1 \|\| =7.3.1+dfsg-1 \|\| =7.3.2+dfsg-1 \|\| =7.3.3+dfsg-1 \|\| =7.3.4+dfsg-1 \|\| =7.3.5-1 \|\| =7.4.0~beta1-1 \|\| =7.4.0~beta1-2 \|\| =7.4.0~beta2+dfsg-1 \|\| >=0 <7.4.0~beta2+dfsg-2	7.4.0~beta2+dfsg-2

Aliases

1. CVE-2024-366112. NVD-2024-366113. OSV-DEBIAN-2024-366114. OSV-2024-366115. GCVE-2024-366116. SECURITY-TRACKER-CVE-2024-36611

References

1. https://github.com/symfony/symfony/issues/59077#issuecomment-25139350182. https://github.com/github/advisory-database/pull/50463. https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b9259954. https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c5. https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.