Friends Of Symfony Project » Fosuserbundle : Security Vulnerabilities, CVEs, CVSS score >= 5
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
Max CVSS
5.0
EPSS Score
0.16%
Published
2013-09-25
Updated
2013-10-15
1 vulnerabilities found