Sunday, November 27, 2022

Developers Accidentally Turned Off CSRF Protection in Popular PHP Framework

Developers of the popular Symfony PHP framework have reversed a recent change that accidentally turned off protection against cross-site request forgery (CSRF) attacks.

Affected Versions

Users of affected versions of Symfony (5.3.14 and earlier, 5.4.0-5.4.3, and 6.0.0-6.03) need to upgrade to patched versions, as explained in an advisory posted on GitHub.

The issue, tracked as CVE-2022-23501, has a CVSS score of 8.1. Because of its high impact, early remediation is recommended.

CSRF Vulnerabilities

CSRF vulnerabilities create a mechanism for attackers to trick users into carrying out actions they did not intend to perform. The problem arises in cases where it’s possible for different websites to interfere with each other.
