vulnerability

Ubuntu: USN-7272-1 (CVE-2024-50341): Symfony vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Nov 6, 2024	Feb 20, 2025	Aug 18, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Nov 6, 2024

Added

Feb 20, 2025

Modified

Aug 18, 2025

Description

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Solution

ubuntu-pro-upgrade-php-symfony

References

CVE-2024-50341
https://attackerkb.com/topics/CVE-2024-50341
CWE-287
UBUNTU-USN-7272-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today