CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report.
Configurations

No configuration.

History

03 Dec 2024, 21:15

Type Values Removed Values Added
References
  • https://github.com/github/advisory-database/pull/5046
  • https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018
Summary
  Values Removed: (en) In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.
  Values Added: (en) In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report.

03 Dec 2024, 16:15

Type Values Removed Values Added
CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 7.5
Summary
  • (es) In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, which could not adequately handle cases where the username or password field of a login request was empty. This flaw could lead to various security risks, including improper handling of authentication logic or denial of service.
CWE CWE-863

29 Nov 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-29 19:15

Updated : 2024-12-03 21:15


NVD link : CVE-2024-36611

Mitre link : CVE-2024-36611

CVE.ORG link : CVE-2024-36611



Products Affected

No product.

CWE
CWE-863

Incorrect Authorization