Symfony allows user enumeration. A remote attacker is able to discover existing and valid users due to different exception messages returned by the server, as well as the difference in server response time.
github.com/advisories/GHSA-5pv8-ppvj-4h68
github.com/symfony/symfony/commit/2a581d22cc621b33d5464ed65c4bc2057f72f011
github.com/symfony/symfony/security/advisories/GHSA-5pv8-ppvj-4h68
lists.fedoraproject.org/archives/list/[email protected]/message/KENRNLB3FYXYGDWRBH2PDBOZZKOD7VY4/
lists.fedoraproject.org/archives/list/[email protected]/message/RH7TMM5CHQYBFFGXWRPJDPB3SKCZXI2M/
lists.fedoraproject.org/archives/list/[email protected]/message/UC7BND775DVZDQT3RMGD2HVB2PKLJDJW/
lists.fedoraproject.org/archives/list/[email protected]/message/VRUS2H2SSOQWNLBD35SKIWIDQEMV2PD3/