Symfony · Symfony · CVE-2022-23601
**Name of the Vulnerable Software and Affected Versions**
Symfony versions prior to the patch versions listed
**Description**
The issue is related to insufficient authentication of executed requests in the Symfony framework, which can allow a remote attacker to perform a CSRF attack. The Symfony form component provides a CSRF protection mechanism using a random token injected in the form and stored in the session. However, due to a recent change in the configuration loading, the default behavior of enabling CSRF protection has been dropped, making applications sensitive to CSRF attacks when the protection is not explicitly enabled.
**Recommendations**
For Symfony versions prior to the patch versions listed, update to a version that includes the patch to resolve the issue.
As a temporary workaround, consider enabling the CSRF protection mechanism explicitly in the configuration to prevent CSRF attacks.