Information Exposure Affecting ezsystems/repository-forms package, versions >=2.3.0, <2.3.2.1
Snyk CVSS
Attack Complexity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-EZSYSTEMSREPOSITORYFORMS-72644
- published 28 Nov 2018
- disclosed 26 Nov 2018
- credit Unknown
How to fix?
Upgrade ezsystems/repository-forms
to version 2.3.2.1 or higher.
Overview
ezsystems/repository-forms provides form-based integration for the Symfony Forms into Repository Value objects in Kernel.
Affected versions of this package are vulnerable to Information Exposure. A malicious user could bypass permission checks and read data such name and email (not passwords) of other users.