PT-2024-40401 · Unknown · Fosuserbundle

Published 2024-05-15 · Updated 2024-05-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: FOSUserBundle versions 2.0.x and earlier
Description: The use of base_convert() in FOSUserBundle results in a loss of precision for large inputs, reducing the entropy of the tokens generated for email confirmation and password resetting. The resulting tokens are less random than intended and not cryptographically safe.
Recommendations: For FOSUserBundle versions 2.0.x and earlier, update the token generation logic to use base64 encoding, which has been backported from the 2.0.x branch. Additionally, update any route placeholder expected to match a token generated by FOSUserBundle so that it allows dashes, by changing the \w+ requirement to [\w-]+ in the regexes.
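The following PHP script is an added illustration, not code from FOSUserBundle or from this advisory. It assumes the weak scheme was "32 random bytes, hex-encoded, then base_convert() to base 36" and the fixed scheme is URL-safe base64 of the same 32 bytes; both function names, the constructed inputs and the route-regex helper are hypothetical. It shows why precision loss matters: base_convert() switches to a float (an IEEE-754 double with a 53-bit mantissa) once the value exceeds PHP_INT_MAX, so two 256-bit values that share their top bits collapse to the same token, while base64 keeps every bit. It also shows why the route requirement must accept dashes.

```php
<?php
// Added illustration (not FOSUserBundle's own code). Requires PHP >= 7.0 for random_bytes().

/**
 * Weak scheme as described in the advisory (assumed shape, hypothetical name):
 * hex-encoded random bytes passed through base_convert(). PHP converts the
 * number to a double once it exceeds PHP_INT_MAX, so only about 53 of the
 * original 256 bits survive in the output.
 */
function weakToken(string $hex): string
{
    return base_convert($hex, 16, 36);
}

/**
 * Hardened scheme recommended by the advisory: URL-safe base64 of the raw
 * bytes. Every bit is preserved; the alphabet is [A-Za-z0-9_-], so tokens
 * can contain '-' and '_'.
 */
function strongToken(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/**
 * Two constructed 256-bit values (not real tokens) that agree in their top
 * 64 bits but differ in all of the low 192 bits. With base_convert() they
 * yield the same string; with base64 they stay distinct.
 */
function demonstratePrecisionLoss(): array
{
    $a = 'ff00000000000000' . str_repeat('0', 48); // 64 hex digits = 256 bits
    $b = 'ff00000000000000' . str_repeat('f', 48); // same prefix, different tail

    return [
        'weak_collides'   => weakToken($a) === weakToken($b),
        'strong_collides' => strongToken(hex2bin($a)) === strongToken(hex2bin($b)),
        'strong_length'   => strlen(strongToken(random_bytes(32))),
    ];
}

/**
 * Route placeholder requirement before and after the recommended change.
 * A base64url token such as "abc-def" is rejected by \w+ (404 on the
 * confirmation/reset link) but accepted by [\w-]+.
 */
function tokenMatchesRoute(string $token, bool $allowDashes): bool
{
    $pattern = $allowDashes ? '/^[\w-]+$/' : '/^\w+$/';
    return preg_match($pattern, $token) === 1;
}

var_dump(demonstratePrecisionLoss());
var_dump(tokenMatchesRoute('abc-def', false), tokenMatchesRoute('abc-def', true));
```

When run, weak_collides is true and strong_collides is false, which is the whole point of the advisory: a 256-bit generator feeding base_convert() behaves like a roughly 53-bit generator, so the confirmation and reset tokens are far easier to guess than their length suggests. The strong token is 43 characters and may contain '-', hence the companion change from \w+ to [\w-]+ in any route requirement that matches it.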

Weakness Enumeration

Related Identifiers

GHSA-PJX8-984P-7P3X

Affected Products

Fosuserbundle