Symfony · Symfony · CVE-2024-36611
Name of the Vulnerable Software and Affected Versions:
Symfony version 7.07
Description:
A security issue was identified in the FormLoginAuthenticator component of Symfony, where it failed to adequately handle cases where the `username` or `password` field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. However, the supplier has concluded that this report is false.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.