Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/friendsofsymfony/user-bundle@1.2.4
purl pkg:composer/friendsofsymfony/user-bundle@1.2.4
Next non-vulnerable version 1.3.5
Latest non-vulnerable version 1.3.5
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-cp9j-3948-mud8
Aliases:
GMS-2014-38
Insufficient Entropy Entropy is lost in the `TokenGenerator`.
1.3.0
Affected by 2 other vulnerabilities.
VCID-ky5a-sata-5yf6
Aliases:
CVE-2013-5750
GHSA-9mpf-g3fc-9rgv
Uncontrolled Resource Consumption The login form in the FriendsOfSymfony FOSUserBundle bundle for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
1.2.5
Affected by 2 other vulnerabilities.
1.3.3
Affected by 1 other vulnerability.
VCID-yyyq-za39-r3hh
Aliases:
GHSA-pjx8-984p-7p3x
FOSUserBundle Entropy is lost in the TokenGenerator Because of the usage of base_convert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.
1.3.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-98wp-9e1h-yfgg Improper Authentication user-bundle contains a security issue where the session could be hijacked. GMS-2012-7
VCID-fkq5-7t4p-jbdk FOSUserBundle Session Hijacking Vulnerability Versions of FOSUserBundle from 1.2.x to 1.2.4 have been found to contain a security vulnerability related to session hijacking. This issue has been addressed in version 1.2.4, and users are strongly advised to upgrade to the latest version to prevent potential session-related security risks. GHSA-6mjq-9x4w-m3w9

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T04:54:52.084430+00:00 GitLab Importer Affected by VCID-yyyq-za39-r3hh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GHSA-pjx8-984p-7p3x.yml 38.6.0
2026-06-05T21:43:15.313976+00:00 GHSA Importer Fixing VCID-fkq5-7t4p-jbdk https://github.com/advisories/GHSA-6mjq-9x4w-m3w9 38.6.0
2026-06-04T20:04:28.029712+00:00 GitLab Importer Affected by VCID-cp9j-3948-mud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GMS-2014-38.yml 38.6.0
2026-06-04T20:03:44.975122+00:00 GitLab Importer Affected by VCID-ky5a-sata-5yf6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/CVE-2013-5750.yml 38.6.0
2026-06-04T16:51:13.793503+00:00 GithubOSV Importer Fixing VCID-fkq5-7t4p-jbdk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-6mjq-9x4w-m3w9/GHSA-6mjq-9x4w-m3w9.json 38.6.0
2026-06-04T16:21:41.881873+00:00 GitLab Importer Fixing VCID-fkq5-7t4p-jbdk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GHSA-6mjq-9x4w-m3w9.yml 38.6.0
2026-06-02T04:36:05.519431+00:00 GitLab Importer Fixing VCID-98wp-9e1h-yfgg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GMS-2012-7.yml 38.6.0