Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| symfony/symfony | composer | >= 2.0.0, < 2.0.25 | 2.0.25 |
| symfony/symfony | composer | >= 2.1.0, < 2.1.13 | 2.1.13 |
| symfony/symfony | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| symfony/symfony | composer | >= 2.3.0, < 2.3.6 | 2.3.6 |
| symfony/polyfill | composer | >= 1.0.0, < 1.10.0 | 1.10.0 |
| symfony/security | composer | >= 2.0.0, < 2.0.25 | 2.0.25 |
| symfony/security | composer | >= 2.1.0, < 2.1.13 | 2.1.13 |
| symfony/security | composer | >= 2.2.0, < 2.2.9 | 2.2.9 |
| symfony/security | composer | >= 2.3.0, < 2.3.6 | 2.3.6 |
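The table above is only useful once it is compared with what is actually installed. The script below is an added example, not part of the advisory or of Symfony, that encodes the affected ranges from the table and checks the packages listed in a composer.lock against them. The lock-file contents are constructed inline so the script runs offline; `auditLock()` and `isAffected()` are names chosen here, not Composer APIs.

```php
<?php
// Added example: compare composer.lock entries against the affected ranges in the table.
// Ranges are [first vulnerable version, first patched version) as published above.

const AFFECTED_RANGES = [
    'symfony/symfony'  => [['2.0.0', '2.0.25'], ['2.1.0', '2.1.13'], ['2.2.0', '2.2.9'], ['2.3.0', '2.3.6']],
    'symfony/polyfill' => [['1.0.0', '1.10.0']],
    'symfony/security' => [['2.0.0', '2.0.25'], ['2.1.0', '2.1.13'], ['2.2.0', '2.2.9'], ['2.3.0', '2.3.6']],
];

// Composer writes tagged versions as "v2.3.4"; strip the prefix so version_compare() sees "2.3.4".
function normalizeVersion(string $version): string
{
    return ltrim($version, 'v');
}

// Returns the first patched version if $version falls in an affected range, or null if not.
// Branch aliases such as "dev-master" cannot be compared and are reported as unknown by the caller.
function isAffected(string $package, string $version): ?string
{
    $v = normalizeVersion($version);
    foreach (AFFECTED_RANGES[$package] ?? [] as [$firstVulnerable, $firstPatched]) {
        if (version_compare($v, $firstVulnerable, '>=') && version_compare($v, $firstPatched, '<')) {
            return $firstPatched;
        }
    }
    return null;
}

// Walks "packages" and "packages-dev" of a composer.lock document and returns the findings.
function auditLock(string $lockJson): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $findings = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        if (!isset(AFFECTED_RANGES[$pkg['name']])) {
            continue;
        }
        if (str_starts_with($pkg['version'], 'dev-')) {
            $findings[$pkg['name']] = ['installed' => $pkg['version'], 'status' => 'unknown (branch alias, check manually)'];
            continue;
        }
        $fixed = isAffected($pkg['name'], $pkg['version']);
        $findings[$pkg['name']] = $fixed === null
            ? ['installed' => $pkg['version'], 'status' => 'not affected']
            : ['installed' => $pkg['version'], 'status' => 'VULNERABLE', 'upgrade_to' => $fixed];
    }
    return $findings;
}

// Constructed composer.lock excerpt (not a real project's lock file).
$lockJson = <<<'JSON'
{
  "packages": [
    {"name": "symfony/security", "version": "v2.3.4"},
    {"name": "symfony/yaml",     "version": "v2.3.4"},
    {"name": "symfony/symfony",  "version": "v2.3.6"}
  ],
  "packages-dev": [
    {"name": "symfony/polyfill", "version": "dev-master"}
  ]
}
JSON;

print_r(auditLock($lockJson));
// symfony/security v2.3.4 is inside [2.3.0, 2.3.6) and is flagged with upgrade_to 2.3.6;
// symfony/symfony v2.3.6 is the first patched version and is not affected.
```

Run it against a real lock file with `auditLock(file_get_contents('composer.lock'))`. Note that the table lists the metapackage symfony/symfony and the standalone symfony/security separately: a project can pull the Security component through either, so both names must be checked.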
The vulnerability stemmed from the Security component's password encoders accepting a password of any length and passing it straight into a resource-intensive hashing routine. Because the cost of an iterated key-derivation function such as PBKDF2 grows with the size of its input, an attacker who submits a very long password to a login form can force the server to spend disproportionate CPU time on a single unauthenticated request, a denial of service. The encoder interface and its implementations (such as Pbkdf2PasswordEncoder) were directly responsible for processing the password; the patches added a maximum-length check to encodePassword() and isPasswordValid(), so that over-long input is rejected before any hashing takes place, which confirms these two methods as the vulnerable entry points. The CVE description and Symfony's advisory both name these methods' role in the vulnerability.
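To make the mechanism concrete, here is an added example that is not Symfony's code: a minimal PBKDF2 encoder in the shape of the Security component's encoder interface (encodePassword / isPasswordValid), first without an input-size limit and then with a length cap applied in both methods, followed by a constructed 1 MiB login attempt timed against each. The class names, the `isPasswordTooLong()` helper and the 4096-byte limit are this example's own choices (the limit is assumed to match the upstream constant), and the PBKDF2 loop is written by hand with hash_hmac() rather than hash_pbkdf2() so that the per-iteration cost of a long key is visible.

```php
<?php
// Added example, not Symfony's own code. Shows why an unbounded password is expensive
// to hash and how a length check in both encoder methods removes the amplification.

const MAX_PASSWORD_LENGTH = 4096; // assumed cap, chosen to match the upstream fix

final class PasswordTooLongException extends RuntimeException {}

class VulnerablePbkdf2Encoder
{
    public function __construct(
        private string $algorithm = 'sha512',
        private int $iterations = 1000,
        private int $length = 40,
    ) {}

    public function encodePassword(string $raw, string $salt): string
    {
        // No size check: the raw password goes straight into the key derivation.
        return base64_encode($this->pbkdf2($raw, $salt));
    }

    public function isPasswordValid(string $encoded, string $raw, string $salt): bool
    {
        return hash_equals($encoded, $this->encodePassword($raw, $salt));
    }

    // Plain PBKDF2 written as a hash_hmac() loop. The password is the HMAC key, and a key
    // longer than the hash block size is re-hashed on every call, so the cost is roughly
    // iterations x strlen($password): the attacker controls both the multiplier and the size.
    protected function pbkdf2(string $password, string $salt): string
    {
        $hashLength = strlen(hash($this->algorithm, '', true));
        $blocks = (int) ceil($this->length / $hashLength);
        $digest = '';
        for ($i = 1; $i <= $blocks; $i++) {
            $block = $result = hash_hmac($this->algorithm, $salt . pack('N', $i), $password, true);
            for ($j = 1; $j < $this->iterations; $j++) {
                $block = hash_hmac($this->algorithm, $block, $password, true);
                $result ^= $block;
            }
            $digest .= $result;
        }
        return substr($digest, 0, $this->length);
    }
}

class HardenedPbkdf2Encoder extends VulnerablePbkdf2Encoder
{
    // Example helper name; compares byte length, not character count, since the hash sees bytes.
    protected function isPasswordTooLong(string $raw): bool
    {
        return strlen($raw) > MAX_PASSWORD_LENGTH;
    }

    public function encodePassword(string $raw, string $salt): string
    {
        if ($this->isPasswordTooLong($raw)) {
            throw new PasswordTooLongException(sprintf('Password longer than %d bytes', MAX_PASSWORD_LENGTH));
        }
        return parent::encodePassword($raw, $salt);
    }

    public function isPasswordValid(string $encoded, string $raw, string $salt): bool
    {
        // Rejected before any hashing: an over-long password is simply invalid, never expensive.
        if ($this->isPasswordTooLong($raw)) {
            return false;
        }
        return parent::isPasswordValid($encoded, $raw, $salt);
    }
}

// Constructed demo: a stored hash for a normal password, then a 1 MiB "password" submitted at login.
$salt = random_bytes(16);
$stored = (new HardenedPbkdf2Encoder())->encodePassword('correct horse battery staple', $salt);
$attackerPassword = str_repeat('A', 1024 * 1024);

foreach ([new VulnerablePbkdf2Encoder(), new HardenedPbkdf2Encoder()] as $encoder) {
    $start = microtime(true);
    $valid = $encoder->isPasswordValid($stored, $attackerPassword, $salt);
    printf("%-24s valid=%-5s %.3f s\n", $encoder::class, var_export($valid, true), microtime(true) - $start);
}
```

The vulnerable encoder hashes roughly a gigabyte (1 MiB x 1000 iterations) for one request, while the hardened one returns false in microseconds. Two points worth keeping in mind when applying the same fix elsewhere: the check must sit in both methods, since isPasswordValid() is the one an unauthenticated login form reaches, and the cap has to be enforced before the password touches any hashing routine, not inside it. Encoders that delegate to hash_pbkdf2() or password_hash() pre-hash or truncate a long key internally and are far less affected, but a hand-rolled loop like the one above, or any message-digest encoder with a high iteration count, is exactly the pattern this advisory describes.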