Approved changes feed: RSS · Atom
cpe:2.3:a:auth0:symfony:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Auth0 (bd827468-a826-51d4-9e05-912ec56b4756) |
|---|---|
| Product | Symfony (44e515ef-b8e6-53f2-8426-c8024fa5e69f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/auth0/symfony |
purl2cpe | 2026-06-01 10:16:14.579686 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-68129 |
vulnerable | 2026-06-03 15:11:02.879941 |
Auth0-PHP SDK has Improper Audience Validation
MEDIUM (6.8)
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue.
Published: 2025-12-17T22:07:35.645Z
Updated: 2025-12-18T15:07:22.780Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.