Description

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. NOTE: the Supplier has concluded that this is a false report.

INFO

Published Date :

2024-11-29T00:00:00.000Z

Last Modified :

2025-01-06T17:44:44.438Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36611 vulnerability.

Vendors Products
Symfony
  • Symfony
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36611.

URL Resource
https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c cve-icon cve-icon
https://github.com/github/advisory-database/pull/5046 cve-icon cve-icon
https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132 cve-icon cve-icon
https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995 cve-icon cve-icon
https://github.com/symfony/symfony/issues/59077#issuecomment-2513935018 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact