CVE-2019-10911

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 2.7.51 Symfony versions 2.8.x prior to 2.8.50 Symfony versions 3.x prior to 3.4.26 Symfony versions 4.x prior to 4.1.12 Symfony versions 4.2.x prior to 4.2.7

Description A vulnerability in Symfony's security component allows an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This issue is related to the generateCookieHash function in symfony/security and is caused by an error during the authentication process. Exploitation of this vulnerability can allow a remote attacker to bypass the authentication procedure.

Recommendations For Symfony versions prior to 2.7.51, update to version 2.7.51 or later. For Symfony versions 2.8.x prior to 2.8.50, update to version 2.8.50 or later. For Symfony versions 3.x prior to 3.4.26, update to version 3.4.26 or later. For Symfony versions 4.x prior to 4.1.12, update to version 4.1.12 or later. For Symfony versions 4.2.x prior to 4.2.7, update to version 4.2.7 or later.