MEDIUM
GHSA-8wx3-8m4x-g5h4
FOSUserBundle User Identity Validation Vulnerability
상세
Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their username. The fix in version 1.2.1 addresses this issue by loading the user using the primary key during refreshing.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist / friendsofsymfony/user-bundle
최초 영향 버전:
1.0.0 수정 버전: 1.2.1 수정
composer require friendsofsymfony/user-bundle:^1.2.1 참고
- https://github.com/FriendsOfSymfony/FOSUserBundle/commit/1b8bc18e3d99ef0b52b4141f20da323033d6be9b [WEB]
- https://github.com/FriendsOfSymfony/FOSUserBundle/commit/5a36e2958068d1e6501dc8cf39bbae3ebb859d9f [WEB]
- https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-1.yaml [WEB]
- https://github.com/FriendsOfSymfony/FOSUserBundle [PACKAGE]
- https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md [WEB]