GHSA-8wx3-8m4x-g5h4: FOSUserBundle User Identity Validation Vulnerability
Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their username. The fix in version 1.2.1 addresses this issue by loading the user using the primary key during refreshing.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-1.yaml
- github.com/FriendsOfSymfony/FOSUserBundle
- github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md
- github.com/FriendsOfSymfony/FOSUserBundle/commit/5a36e2958068d1e6501dc8cf39bbae3ebb859d9f
- github.com/advisories/GHSA-8wx3-8m4x-g5h4
Code Behaviors & Features
Detect and mitigate GHSA-8wx3-8m4x-g5h4 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →