In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| symfony/security-http(Packagist) | 2.7.0 | 2.7.51 | N/A |
| symfony/security-http(Packagist) | 2.8.0 | 2.8.50 | N/A |
| symfony/security-http(Packagist) | 3.0.0 | 3.4.26 | N/A |
| symfony/security-http(Packagist) | 4.0.0 | 4.1.12 | N/A |
| symfony/security-http(Packagist) | 4.2.0 | 4.2.7 | N/A |
| symfony/security(Packagist) | 2.7.0 | 2.7.51 | N/A |
| symfony/security(Packagist) | 2.8.0 | 2.8.50 | N/A |
| symfony/security(Packagist) | 3.0.0 | 3.4.26 | N/A |
| symfony/security(Packagist) | 4.0.0 | 4.1.12 | N/A |
| symfony/security(Packagist) | 4.2.0 | 4.2.7 | N/A |
| symfony/symfony(Packagist) | 2.7.0 | 2.7.51 | N/A |
| symfony/symfony(Packagist) | 2.8.0 | 2.8.50 | N/A |
| symfony/symfony(Packagist) | 3.0.0 | 3.4.26 | N/A |
| symfony/symfony(Packagist) | 4.0.0 | 4.1.12 | N/A |
| symfony/symfony(Packagist) | 4.2.0 | 4.2.7 | N/A |
CVSS Metrics
