Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Firewall configured with unanimous strategy was not actually unanimous in symfony/security-http
Vulnerability Description
In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Sensio Labs symfony/security-http 授权问题漏洞
Vulnerability Description
Sensio Labs Symfony是法国Sensio Labs公司的一套免费的、基于MVC架构的PHP开发框架。该框架提供常用的功能组件及工具,可用于快速创建复杂的WEB程序。 Sensio Labs symfony/security-http 4.4.7之前版本和5.0.7之前版本中存在授权问题漏洞,该漏洞源于程序无法检查属性。攻击者可通过发送特制的请求利用该漏洞绕过身份验证并获取管理权限。
CVSS Information
N/A
Vulnerability Type
N/A