Improve GHSA-cg23-qf8f-62rr

github · Nov 14, 2024 · b51871b · b51871b
1 parent d773f86
commit b51871b
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/advisories/github-reviewed/2024/11/GHSA-cg23-qf8f-62rr/GHSA-cg23-qf8f-62rr.json b/advisories/github-reviewed/2024/11/GHSA-cg23-qf8f-62rr/GHSA-cg23-qf8f-62rr.json
@@ -1,18 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cg23-qf8f-62rr",
-  "modified": "2024-11-13T18:58:39Z",
+  "modified": "2024-11-13T18:58:41Z",
   "published": "2024-11-13T18:29:04Z",
   "aliases": [
     "CVE-2024-51996"
   ],
-  "summary": "Symphony has an Authentication Bypass via RememberMe",
+  "summary": "Symfony has an Authentication Bypass via RememberMe",
   "details": "### Description\n\nWhan consuming a persisted remember-me cookie, symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass.\n\n### Resolution\n\nThe `PersistentRememberMeHandler` class now ensures the submitted username is the cookie owner.\n\nThe patch for this issue is available [here](https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a) for branch 5.4.\n\n### Credits\n\nWe would like to thank Moritz Rauch - Pentryx AG for reporting the issue and Jérémy Derussé for providing the fix.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"