Fluid Attacks Database

Description

FOSUserBundle Session Hijacking Vulnerability Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	friendsofsymfony/user-bundle	>=1.2.0 <1.2.4	1.2.4

Aliases

1. GCVE-GHSA-6mjq-9x4w-m3w9

References

1. https://github.com/FriendsOfSymfony/FOSUserBundle/commit/8e412a70cafd924ad04c7325dae423048861b9552. https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-2.yaml3. https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.