CVE-2013-5958: Uncontrolled Resource Consumption

December 27, 2014 (updated December 29, 2014)

The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

References

github.com/symfony/polyfill/pull/155

Detect and mitigate CVE-2013-5958 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →