Symfony is vulnerable to denial of service (DoS) attacks. The library does not limit the length of usernames stored in a session. A malicious user can pass multiple long, non-existent usernames to the system to cause it to run out of storage. This can lead to the authentication service being unavailable for use.
CPE | Name | Operator | Version |
---|---|---|---|
symfony/symfony | le | 2.3.40 | |
symfony/symfony | le | 3.0.5 | |
symfony/symfony | le | 2.7.12 | |
symfony/symfony | le | 2.6.13 | |
symfony/symfony | le | 2.2.11 | |
symfony/symfony | le | 2.8.5 |