CVE-2013-5750: Uncontrolled Resource Consumption

September 25, 2013 (updated October 15, 2013)

The login form in the FriendsOfSymfony FOSUserBundle bundle for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.

References

symfony.com/cve-2013-5750

Detect and mitigate CVE-2013-5750 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →