GHSA-9wv8-3h8h-x2wc

Source
https://github.com/advisories/GHSA-9wv8-3h8h-x2wc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9wv8-3h8h-x2wc/GHSA-9wv8-3h8h-x2wc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9wv8-3h8h-x2wc
Published
2024-05-15T18:45:10Z
Modified
2024-11-29T05:40:17.341383Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Details

It is possible (under certain circumstances) to obtain a valid Zend\Authentication identity even without knowing the user's credentials by using a numerically valued credential in DoctrineModule\Authentication\Adapter\ObjectRepository.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T18:45:10Z"
}

Affected packages

Packagist / doctrine/doctrine-module

Package

Name
doctrine/doctrine-module
Purl
pkg:composer/doctrine/doctrine-module

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.7.2

Affected versions

0.*

0.1.0
0.2.0
0.2.1
0.3.0
0.3.1
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.6.0
0.7.0
0.7.1