Low severity3.1OSV Advisory· Published Nov 6, 2024· Updated Jun 17, 2026
CVE-2024-50341
CVE-2024-50341
Description
symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom user_checker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the Security::login method now ensure to call the configured user_checker. All users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symfony/security-bundlePackagist | >= 6.2.0, < 6.4.10 | 6.4.10 |
symfony/security-bundlePackagist | >= 7.0.0, < 7.0.10 | 7.0.10 |
symfony/security-bundlePackagist | >= 7.1.0, < 7.1.3 | 7.1.3 |
symfony/symfonyPackagist | >= 6.2.0, < 6.4.10 | 6.4.10 |
symfony/symfonyPackagist | >= 7.0.0, < 7.0.10 | 7.0.10 |
symfony/symfonyPackagist | >= 7.1.0, < 7.1.3 | 7.1.3 |
Affected products
3- Range: v7.0.0, v7.0.1, v7.0.2, …
- ghsa-coords2 versions
>= 6.2.0, < 6.4.10+ 1 more
- (no CPE)range: >= 6.2.0, < 6.4.10
- (no CPE)range: >= 6.2.0, < 6.4.10
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-jxgr-3v7q-3w9vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-50341ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-bundle/CVE-2024-50341.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50341.yamlghsaWEB
- github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105nvdWEB
- github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9vnvdWEB
- symfony.com/cve-2024-50341ghsaWEB
News mentions
0No linked articles in our index yet.