VDB
EN
MEDIUM

GHSA-8wx3-8m4x-g5h4

FOSUserBundle User Identity Validation Vulnerability

상세

Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their username. The fix in version 1.2.1 addresses this issue by loading the user using the primary key during refreshing.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Packagist / friendsofsymfony/user-bundle
최초 영향 버전: 1.0.0 수정 버전: 1.2.1
수정 composer require friendsofsymfony/user-bundle:^1.2.1

참고