-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability stems from Symfony's session management not clearing CSRF tokens during login. The SessionAuthenticationStrategy's onAuthentication method was responsible for session migration but lacked CSRF token clearance. The patch introduced a ClearableTokenStorageInterface dependency and added CSRF token clearance in this method, confirming this was the vulnerable point. The commit diff explicitly shows the addition of CSRF token clearing logic in this function during migration.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| symfony/security-bundle | composer | >= 2.0.0, < 4.4.50 | 4.4.50 |
| symfony/security-bundle | composer | >= 5.0.0, < 5.4.20 | 5.4.20 |
| symfony/security-bundle | composer | >= 6.0.0, < 6.0.20 | 6.0.20 |
| symfony/security-bundle | composer | >= 6.1.0, < 6.1.12 | 6.1.12 |
| symfony/security-bundle | composer | >= 6.2.0, < 6.2.6 | 6.2.6 |
| symfony/symfony | composer | >= 2.0.0, < 4.4.50 | 4.4.50 |
| symfony/symfony | composer | >= 5.0.0, < 5.4.20 | 5.4.20 |
| symfony/symfony | composer | >= 6.0.0, < 6.0.20 | 6.0.20 |
| symfony/symfony | composer | >= 6.1.0, < 6.1.12 | 6.1.12 |
| symfony/symfony | composer | >= 6.2.0, < 6.2.6 | 6.2.6 |
Ongoing coverage of React2Shell