From 886b684b4b0df5c8292f8ce95747fa6fe119d2c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= Date: Tue, 3 Dec 2024 10:26:24 +0100 Subject: [PATCH] Improve GHSA-7q22-x757-cmgc --- .../11/GHSA-7q22-x757-cmgc/GHSA-7q22-x757-cmgc.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/advisories/github-reviewed/2024/11/GHSA-7q22-x757-cmgc/GHSA-7q22-x757-cmgc.json b/advisories/github-reviewed/2024/11/GHSA-7q22-x757-cmgc/GHSA-7q22-x757-cmgc.json index 04dce5422e5bd..ce2565903acb0 100644 --- a/advisories/github-reviewed/2024/11/GHSA-7q22-x757-cmgc/GHSA-7q22-x757-cmgc.json +++ b/advisories/github-reviewed/2024/11/GHSA-7q22-x757-cmgc/GHSA-7q22-x757-cmgc.json @@ -1,17 +1,17 @@ { "schema_version": "1.4.0", "id": "GHSA-7q22-x757-cmgc", - "modified": "2024-12-02T20:21:10Z", + "modified": "2024-12-02T20:21:11Z", "published": "2024-11-29T21:31:03Z", "aliases": [ "CVE-2024-36611" ], "summary": "Symfony http-security has authentication bypass", - "details": "In Symfony, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service.", + "details": "no security issue.\nFlase report", "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" } ], "affected": [ @@ -28,7 +28,7 @@ "introduced": "0" }, { - "fixed": "7.1.0" + "fixed": "0.0.0" } ] } @@ -57,7 +57,7 @@ "cwe_ids": [ "CWE-287" ], - "severity": "MODERATE", + "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-12-02T20:21:10Z", "nvd_published_at": "2024-11-29T19:15:06Z"