FOSUserBundle Session Hijacking Vulnerability · GHSA-6mjq-9x4w-m3w9 · GitHub Advisory Database · GitHub

FOSUserBundle Session Hijacking Vulnerability

High severity GitHub Reviewed Published May 15, 2024 to the GitHub Advisory Database • Updated May 15, 2024

Package

friendsofsymfony/user-bundle (Composer)

Affected versions

>= 1.2.0, < 1.2.4

Patched versions

1.2.4

Description

Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.

References

Published to the GitHub Advisory Database May 15, 2024

Reviewed May 15, 2024

Last updated May 15, 2024