symfony is vulnerable to privilege escalation. The vulnerability exists due to an insecure authenticated token by one of the firewall being available to all other firewall.
github.com/symfony/security-http/commit/6bf4c31219773a558b019ee12e54572174ff8129
github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728
github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one