VulnerableCode Package Details - pkg:composer/symfony/security-bundle@6.2.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-pdcr-fsbk-63bx Aliases: CVE-2024-50341 GHSA-jxgr-3v7q-3w9v	Symfony's `Security::login` does not take into account custom `user_checker` ### Description The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. ### Resolution The `Security::login` method now ensure to call the configured `user_checker`. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105) for branch 6.4. ### Credits We would like to thank Oleg Andreyev, Antoine MAKDESSI for reporting the issue and Christian Flothmann for providing the fix.	6.4.10 Affected by 0 other vulnerabilities. 7.0.10 Affected by 0 other vulnerabilities. 7.1.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-pdcr-fsbk-63bx
Aliases:
CVE-2024-50341
GHSA-jxgr-3v7q-3w9v

Symfony's `Security::login` does not take into account custom `user_checker` ### Description The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. ### Resolution The `Security::login` method now ensure to call the configured `user_checker`. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105) for branch 6.4. ### Credits We would like to thank Oleg Andreyev, Antoine MAKDESSI for reporting the issue and Christian Flothmann for providing the fix.

6.4.10
Affected by 0 other vulnerabilities.

7.0.10
Affected by 0 other vulnerabilities.

7.1.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-thtp-ehsj-t3ej	Duplicate This advisory duplicates another.	CVE-2022-24895 GHSA-3gv2-29qc-v67m GMS-2023-210 GMS-2023-211

Vulnerability

Summary

Aliases

VCID-thtp-ehsj-t3ej

Duplicate This advisory duplicates another.

CVE-2022-24895
GHSA-3gv2-29qc-v67m
GMS-2023-210
GMS-2023-211

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:13:23.665019+00:00	GitLab Importer	Affected by	VCID-pdcr-fsbk-63bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2024-50341.yml	38.4.0
2026-04-16T22:20:56.926048+00:00	GitLab Importer	Fixing	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.4.0
2026-04-12T00:31:53.981716+00:00	GitLab Importer	Affected by	VCID-pdcr-fsbk-63bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2024-50341.yml	38.3.0
2026-04-11T23:38:55.385175+00:00	GitLab Importer	Fixing	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.3.0
2026-04-03T00:39:37.633613+00:00	GitLab Importer	Affected by	VCID-pdcr-fsbk-63bx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/CVE-2024-50341.yml	38.1.0
2026-04-02T23:43:09.374517+00:00	GitLab Importer	Fixing	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.1.0
2026-04-02T16:58:53.491587+00:00	GHSA Importer	Fixing	VCID-thtp-ehsj-t3ej	https://github.com/advisories/GHSA-3gv2-29qc-v67m	38.1.0
2026-04-01T12:58:20.189461+00:00	GithubOSV Importer	Fixing	VCID-thtp-ehsj-t3ej	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3gv2-29qc-v67m/GHSA-3gv2-29qc-v67m.json	38.0.0
2026-04-01T12:50:50.749435+00:00	GitLab Importer	Fixing	VCID-thtp-ehsj-t3ej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/security-bundle/GMS-2023-210.yml	38.0.0