NextGuard
UNKNOWNGHSA-ghc5-95c2-vwcv

Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption

Platform

php

Component

auth0/symfony

Fixed in

5.8.0

View on GitHub Advisory

### Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. ### Am I Affected? Consumers are affected if their application meets the following preconditions: - It uses the Auth0 Symfony SDK, versions between 5.0.0 and 5.7.0 - Auth0 Symfony SDK using the Auth0-PHP SDK versions between 8.0.0 to 8.18.0. ### Resolution Upgrade Auth0/symfony-auth0 to version 5.8.0 or greater.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
GHSA-ghc5-95c2-vwcv — Vulnerability Details | NextGuard | NextGuard