Fluid Attacks Database

Description

Symfony Incorrect Access Control Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	symfony/symfony	>=2.7.30 <2.7.32 \|\| >=2.8.23 <2.8.25 \|\| >=3.2.10 <3.2.12 \|\| >=3.3.3 <3.3.5	2.7.32, 2.8.25, 3.2.12, 3.3.5
packagist	symfony/security	>=2.7.30 <2.7.32 \|\| >=2.8.23 <2.8.25 \|\| >=3.2.10 <3.2.12 \|\| >=3.3.3 <3.3.5	2.7.32, 2.8.25, 3.2.12, 3.3.5
packagist	symfony/security-core	>=2.7.30 <2.7.32 \|\| >=2.8.23 <2.8.25 \|\| >=3.2.10 <3.2.12 \|\| >=3.3.3 <3.3.5	2.7.32, 2.8.25, 3.2.12, 3.3.5

Aliases

1. CVE-2017-113652. NVD-2017-113653. OSV-2017-113654. GCVE-2017-11365

References

1. https://github.com/symfony/symfony/pull/235072. https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f3. https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2017-11365.yaml4. https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2017-11365.yaml5. https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2017-11365.yaml6. https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue7. https://symfony.com/cve-2017-11365