Friends Of Symfony Project: >> Fosuserbundle Security Vulnerabilities
The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-09-25