Improper authorization control for web services in friendsofsymfony/user-bundle

Description

FOSUserBundle User Identity Validation Vulnerability

Versions of FOSUserBundle prior to 1.2.1 are vulnerable to a security issue in user identity validation. User refreshing was performed using the username instead of the primary key, which is a security risk if users are allowed to change their username. Version 1.2.1 fixes the issue by loading the user by primary key during refreshing.
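The following is an added illustration, not FOSUserBundle code, of why refreshing a session's user by primary key (what the 1.2.1 fix does) stays correct when usernames can change, while refreshing by username does not. All class and function names are hypothetical and the accounts are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal user model: id is the immutable primary key.
final class User
{
    public function __construct(public int $id, public string $username) {}
}

// Hypothetical in-memory store standing in for the user table.
final class InMemoryUserStore
{
    /** @var array<int, User> keyed by primary key */
    private array $users = [];

    public function save(User $u): void { $this->users[$u->id] = $u; }
    public function findById(int $id): ?User { return $this->users[$id] ?? null; }
    public function findByUsername(string $name): ?User
    {
        foreach ($this->users as $u) {
            if ($u->username === $name) { return $u; }
        }
        return null;
    }
}

// Risky: the session snapshot is resolved through a mutable attribute.
function refreshByUsername(InMemoryUserStore $s, User $snapshot): ?User
{
    return $s->findByUsername($snapshot->username);
}

// Safe: the session snapshot is resolved through the primary key.
function refreshById(InMemoryUserStore $s, User $snapshot): ?User
{
    return $s->findById($snapshot->id);
}

// Constructed scenario: a session snapshot outlives a username change.
$store = new InMemoryUserStore();
$store->save(new User(1, 'alice'));
$store->save(new User(2, 'bob'));
$snapshot = new User(1, 'alice');      // copy held in account 1's session
$store->save(new User(1, 'alice_w'));  // account 1 changes its username
$store->save(new User(2, 'alice'));    // account 2 takes the freed username

printf("refresh by username -> account id %d\n", refreshByUsername($store, $snapshot)->id);
printf("refresh by id       -> account id %d\n", refreshById($store, $snapshot)->id);
```

The username lookup resolves the session to whichever account currently holds the name, so the check to apply when reviewing a user provider is that refresh logic keys on an identifier users cannot change.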

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions