| Vulnerability ID | VCID-nnxf-zbvz-1qdb |
| Aliases | GHSA-8wx3-8m4x-g5h4 |
| Summary | FOSUserBundle User Identity Validation Vulnerability. Versions of FOSUserBundle prior to 1.2.1 have been found to be vulnerable to a security issue related to user identity validation. Specifically, user refreshing was performed using the primary key instead of the username, leading to a potential security risk if a user is allowed to change their username. The fix in version 1.2.1 addresses this issue by loading the user using the primary key during refreshing. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | MODERATE | https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2012-07-10-1.yaml |
| generic_textual | MODERATE | https://github.com/FriendsOfSymfony/FOSUserBundle |
| generic_textual | MODERATE | https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Changelog.md |
| generic_textual | MODERATE | https://github.com/FriendsOfSymfony/FOSUserBundle/commit/5a36e2958068d1e6501dc8cf39bbae3ebb859d9f |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:21:41.759506+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/friendsofsymfony/user-bundle/GHSA-8wx3-8m4x-g5h4.yml | 38.6.0 |