Closed
Description
Symfony version(s) affected
6.4.15
Description
When running composer audit it fails:
composer audit
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package | symfony/security-http |
| Severity | medium |
| CVE | CVE-2024-36611 |
| Title | Symfony http-security has authentication bypass |
| URL | https://github.com/advisories/GHSA-7q22-x757-cmgc |
| Affected versions | <7.1.0 |
| Reported at | 2024-11-29T21:31:03+00:00 |
+-------------------+----------------------------------------------------------------------------------+
composer info | grep symfony/security-http
symfony/security-http 6.4.15 Symfony Security Component - HTTP Integration
How to reproduce
Run composer audit having symfony/security-http@6.4.15 installed.
Possible Solution
Cherry-pick #53851 to 6.x.
Additional Context
No response