VulnerableCode Package Details - pkg:composer/friendsofsymfony/user-bundle@1.2.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-cp9j-3948-mud8 Aliases: GMS-2014-38	Insufficient Entropy Entropy is lost in the `TokenGenerator`.	1.3.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ky5a-sata-5yf6 Aliases: CVE-2013-5750 GHSA-9mpf-g3fc-9rgv	Uncontrolled Resource Consumption The login form in the FriendsOfSymfony FOSUserBundle bundle for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.	1.2.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cp9j-3948-mud8
Aliases:
GMS-2014-38

Insufficient Entropy Entropy is lost in the `TokenGenerator`.

1.3.0
Affected by 1 other vulnerability.

VCID-ky5a-sata-5yf6
Aliases:
CVE-2013-5750
GHSA-9mpf-g3fc-9rgv

Uncontrolled Resource Consumption The login form in the FriendsOfSymfony FOSUserBundle bundle for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.

1.2.5
Affected by 1 other vulnerability.

1.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-98wp-9e1h-yfgg	Improper Authentication user-bundle contains a security issue where the session could be hijacked.	GMS-2012-7
VCID-fkq5-7t4p-jbdk	FOSUserBundle Session Hijacking Vulnerability Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.	GHSA-6mjq-9x4w-m3w9

Vulnerability

Summary

Aliases

VCID-98wp-9e1h-yfgg

Improper Authentication user-bundle contains a security issue where the session could be hijacked.

GMS-2012-7

VCID-fkq5-7t4p-jbdk

FOSUserBundle Session Hijacking Vulnerability Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks.

GHSA-6mjq-9x4w-m3w9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:04:28.029712+00:00	GitLab Importer	Affected by	VCID-cp9j-3948-mud8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GMS-2014-38.yml	38.6.0
2026-06-04T20:03:44.975122+00:00	GitLab Importer	Affected by	VCID-ky5a-sata-5yf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/CVE-2013-5750.yml	38.6.0
2026-06-04T16:51:13.793503+00:00	GithubOSV Importer	Fixing	VCID-fkq5-7t4p-jbdk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-6mjq-9x4w-m3w9/GHSA-6mjq-9x4w-m3w9.json	38.6.0
2026-06-04T16:21:41.881873+00:00	GitLab Importer	Fixing	VCID-fkq5-7t4p-jbdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GHSA-6mjq-9x4w-m3w9.yml	38.6.0
2026-06-02T04:36:05.519431+00:00	GitLab Importer	Fixing	VCID-98wp-9e1h-yfgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GMS-2012-7.yml	38.6.0