Security Vulnerability in FormLoginAuthenticator Could Lead to Improper Authentication Logic Handling or Denial of Service
CVE-2024-36611

7.5HIGH

Key Information:

Vendor: Symfony
Status: Symfony
Vendor: CVE Published:; 29 November 2024

What is CVE-2024-36611?

A flaw has been identified in the FormLoginAuthenticator component of Symfony v7.0.7, where the system inadequately handles empty input fields during login requests. This vulnerability can potentially lead to improper authentication logic execution and may allow for denial of service conditions. Although reported issues suggest vulnerabilities, the supplier has deemed this specific report as false, indicating that the reported risks may not pose a reality to the security of the component.

References

https://github.com/symfony/symfony/commit/a804ca15fcad279...

https://github.com/symfony/symfony/blob/v7.0.7/src/Symfon...

https://gist.github.com/1047524396/3581425e0911b716cf8ce4...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
May 30, 2024

CVE-2024-36611 Data

JSON