Developers Accidentally Turned Off CSRF Protection in Popular PHP Framework

Developers of the popular Symfony PHP framework have reversed a recent change that accidentally turned off protection against cross-site request forgery (CSRF) attacks.

Affected Versions

Users of affected versions of Symfony (5.3.14 and earlier, 5.4.0-5.4.3, and 6.0.0-6.03) need to upgrade to patched versions, as explained in an advisory posted on GitHub.

- Advertisement -

The issue tracked as CVE-2022-23501 has a CVSS score of 8.1. Because of its high impact early remediation is recommended.

CFRF Vulnerabilities

CSRF vulnerabilities create a mechanism for attackers to trick users into carrying out actions they did not intend to perform. The problem arises in cases where it’s possible for different websites to interfere with each other.

TheCISO

Website | + posts

SourcePortswigger

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Developers Accidentally Turned Off CSRF Protection in Popular PHP Framework

Affected Versions

CFRF Vulnerabilities

TheCISO

Also Read

Five Penetration Testing Frameworks and Methodologies

Defense in Depth – The Layered Approach to Cybersecurity

How to Become a Cybersecurity Expert

How to be Anonymous Online

A List of Tools to Help you Detect the Log4j Vulnerability

Cybersecurity Analyst Interview Questions

The Internet of Medical Things and Cybersecurity Risk

Find Information About a Person on Instagram with OSINTgram

NIST Publications on Penetration Testing

Penetration Testing: Pre-Engagement Interactions

Menu

Popular Categories