
Bittersweet Symfony: Devs accidentally turn off CSRF protection in PHP framework

Developers of the Symfony PHP framework have reversed a recent change that inadvertently turned off protection against cross-site request forgery (CSRF) attacks.

Symfony is a popular open source PHP framework for web and console applications. Its Form component includes a CSRF protection mechanism that relies on a random token injected into each form and checked when the form is submitted.

This protection can be enabled or disabled through the framework's configuration. It was enabled by default until a recent change in how the configuration was loaded meant that CSRF protection ended up turned off unless it was explicitly enabled.
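To make the mechanism described above concrete, here is an added illustration in plain PHP; it is not Symfony's code or code from the article. It models the setting names (`csrf_protection.enabled`, `field_name`) as a hypothetical `$config` array, keeps the random per-form token in an in-memory session, and fails safe by treating a missing `enabled` key as protection on rather than off.

```php
<?php
// Added example, not Symfony's implementation: a minimal synchronizer-token
// CSRF check gated by a configuration flag. The $config layout is hypothetical
// and only mirrors the framework's csrf_protection.enabled / field_name names.
declare(strict_types=1);

function csrfEnabled(array $config): bool
{
    // Fail safe: protection stays on unless the deployment explicitly sets false.
    return (bool) ($config['csrf_protection']['enabled'] ?? true);
}

function generateCsrfToken(array &$session, string $tokenId): string
{
    // One random token per form id, stored server-side in the session.
    if (!isset($session['csrf'][$tokenId])) {
        $session['csrf'][$tokenId] = bin2hex(random_bytes(32));
    }
    return $session['csrf'][$tokenId];
}

function renderHiddenField(array &$session, array $config, string $tokenId): string
{
    // The token is injected into the form as a hidden field.
    $name  = $config['csrf_protection']['field_name'] ?? '_token';
    $token = generateCsrfToken($session, $tokenId);
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($token, ENT_QUOTES));
}

function isCsrfTokenValid(array $session, array $config, string $tokenId, array $post): bool
{
    if (!csrfEnabled($config)) {
        // Make a disabled check visible in logs instead of passing silently.
        trigger_error('CSRF protection is disabled by configuration', E_USER_WARNING);
        return true;
    }
    $name      = $config['csrf_protection']['field_name'] ?? '_token';
    $expected  = $session['csrf'][$tokenId] ?? null;
    $submitted = $post[$name] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no token in session or request: reject
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demonstration: an in-memory session and two submissions.
$session = [];
$config  = ['csrf_protection' => ['enabled' => true, 'field_name' => '_token']];
echo renderHiddenField($session, $config, 'contact_form'), PHP_EOL;
$samePost   = ['_token' => $session['csrf']['contact_form']]; // legitimate submit
$forgedPost = ['message' => 'hi'];                            // cross-site, no token
var_dump(isCsrfTokenValid($session, $config, 'contact_form', $samePost));
var_dump(isCsrfTokenValid($session, $config, 'contact_form', $forgedPost));
```

In a real Symfony application the fix is to upgrade; pinning `framework.form.csrf_protection.enabled` to `true` in the configuration additionally makes the intended setting explicit rather than dependent on a default.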

CSRF vulnerabilities give attackers a way to trick users into carrying out actions they did not intend to perform. The problem arises in cases where it is possible for different websites to interfere with each other.

Modern browsers such as Chrome as well as web development frameworks such as Symfony feature built-in protection against CSRF attacks.

Users of affected versions of Symfony (5.3.14 and earlier, 5.4.0-5.4.3, and 6.0.0-6.0.3) need to upgrade to patched versions, as explained in an advisory posted on GitHub.

The issue, tracked as CVE-2022-23501, was assigned a CVSS score of 8.1. Because of its high impact, early remediation is recommended.

Source: https://portswigger.net/daily-swig/bittersweet-symfony-devs-accidentally-turn-off-csrf-protection-in-php-framework
