GHSA-ghc5-95c2-vwcv: auth0/symfony Cookie Encryption Weakness
Platform
php
Component
auth0/symfony
Fixed in
5.8.0
GHSA-ghc5-95c2-vwcv describes a vulnerability in applications built with the Auth0 PHP SDK where cookies are encrypted with insufficient entropy. This may allow attackers to brute-force the encryption key and forge session cookies. This affects applications using Auth0 Symfony SDK versions 5.0.0 to 5.7.0 and Auth0-PHP SDK versions 8.0.0 to 8.18.0. Upgrade Auth0/symfony-auth0 to version 5.8.0 or greater to resolve this issue.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is GHSA-ghc5-95c2-vwcv?
GHSA-ghc5-95c2-vwcv is a cookie encryption weakness in auth0/symfony that can allow attackers to forge session cookies.
Am I affected by GHSA-ghc5-95c2-vwcv?
You are affected if you are using Auth0 Symfony SDK versions 5.0.0 to 5.7.0 and Auth0-PHP SDK versions 8.0.0 to 8.18.0.
How do I fix GHSA-ghc5-95c2-vwcv?
Upgrade Auth0/symfony-auth0 to version 5.8.0 or greater.
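To answer "Am I affected?" for a specific project, the version ranges above can be checked against its composer.lock. The script below is an added example, not code from the advisory or from Auth0; it assumes the Auth0-PHP SDK is installed under the Composer name auth0/auth0-php and runs on a constructed sample lock file.

```python
import json
import re

# Affected ranges as stated in the advisory text (inclusive bounds).
# Assumption: "auth0/auth0-php" is the Composer name of the Auth0-PHP SDK.
AFFECTED = {
    "auth0/symfony": ((5, 0, 0), (5, 7, 0)),
    "auth0/auth0-php": ((8, 0, 0), (8, 18, 0)),
}

def parse_version(raw):
    """Return (major, minor, patch), or None for branch aliases like dev-main."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?", raw.strip())
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def audit_lock(lock_text):
    """Return (package, version, status) for each tracked package in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "").lower()
            if name not in AFFECTED:
                continue
            version = pkg.get("version", "")
            parsed = parse_version(version)
            low, high = AFFECTED[name]
            if parsed is None:
                status = "unknown"  # not comparable, review by hand
            elif low <= parsed <= high:
                status = "affected"
            else:
                status = "not affected"
            findings.append((name, version, status))
    return findings

# Constructed sample lock file (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "auth0/symfony", "version": "5.3.1"},
        {"name": "auth0/auth0-php", "version": "v8.19.0"},
        {"name": "symfony/http-kernel", "version": "v6.4.2"},
    ],
    "packages-dev": [{"name": "auth0/auth0-php", "version": "dev-main"}],
})

if __name__ == "__main__":
    for name, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{name} {version}: {status}")
```

Packages pinned to a branch alias are reported as "unknown" rather than silently passed, since their version cannot be compared with the ranges.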