friendsofsymfony/user-bundle Security Advisories for 1.2.0 (4)
- [MEDIUM] Entropy is lost in the TokenGenerator
  PKSA-82cw-tyk8-jjch GHSA-pjx8-984p-7p3x
  Affected version: >=1.2.0,<1.3.0|>=1.3.0,<1.3.5
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] DOS attack in FOSUserBundle login form
  PKSA-txzn-58cq-hc4p CVE-2013-5750 GHSA-9mpf-g3fc-9rgv
  Affected version: >=1.2.0,<1.2.5|>=1.3.0,<1.3.3
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] Fixed the user refreshing to check the identity by primary key instead of username
  PKSA-9y6m-pqt9-vrds GHSA-8wx3-8m4x-g5h4
  Affected version: >=1.2.0,<1.2.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] Fixes a security issue where the session could be hijacked
  PKSA-d2n8-h7ks-659s GHSA-6mjq-9x4w-m3w9
  Affected version: >=1.2.0,<1.2.4
  Reported by: FriendsOfPHP/security-advisories, GitHub