symfony/security-http Security Advisories for v5.3.0 (3)
-
CVE-2026-45063: Identity Spoofing via Unanchored DN Regex in X509Authenticator
PKSA-tbsf-h7vc-j7hn CVE-2026-45063
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.52|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.40|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12
Reported by:
FriendsOfPHP/security-advisories -
[HIGH] CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
PKSA-rqvm-b18n-vg69 CVE-2024-51996 GHSA-cg23-qf8f-62rr
Affected version: >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2021-32693: Authentication granted to all firewalls instead of just one
PKSA-gg1d-f43j-pd8z CVE-2021-32693 GHSA-rfcf-m67m-jcrq
Affected version: >=5.3.0,<5.3.2
Reported by:
GitHub, FriendsOfPHP/security-advisories