WIP: 4543-add-altcha-to-login #52

Draft
gdupont wants to merge 2 commits from 4543-add-altcha-to-login into develop
Owner
No description provided.
gdupont added 2 commits 2025-03-31 14:43:04 +02:00
feat(altcha): add altcha and update dependencies
Some checks failed
Cadoles/hydra-sql/pipeline/head There was a failure building this commit
1cb5ae6bc3
feat(altcha): add altcha validation layer to login
Some checks reported warnings
Cadoles/hydra-sql/pipeline/head This commit is unstable
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable
3f667eede1
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient (https://symfony.com/cve-2024-50342)

symfony/http-foundation (v5.4.44)

  • CVE-2024-50345: Open redirect via browser-sanitized URLs (https://symfony.com/cve-2024-50345)

symfony/runtime (v5.4.40)

  • CVE-2024-50340: Ability to change environment from query (https://symfony.com/cve-2024-50340)

symfony/security-http (v5.4.44)

  • CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie (https://symfony.com/cve-2024-51996)

twig/twig (v3.14.0)

  • CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array (https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array)
  • CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled (https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled)

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 0
Skipped 0
Failed 8
Error 0

Total duration: 0s

See details
Status Name Class
⨯ src/Form/LoginType
⨯ src/Altcha/AltchaTransformer
⨯ src/Altcha/Form/AltchaType
⨯ src/Altcha/Form/AltchaModel
⨯ src/Altcha/AltchaValidator
⨯ src/Flag/Controller/FlagController
⨯ src/Flag/FlagAccessor
⨯ src/Hydra/Client

Errors

`src/Form/LoginType`

Output

applied fixers:
---------------
* no_empty_statement
* trailing_comma_in_multiline
* no_unused_imports
* ordered_imports

`src/Altcha/AltchaTransformer`

Output

applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc

`src/Altcha/Form/AltchaType`

Output

applied fixers:
---------------
* trailing_comma_in_multiline
* ordered_imports

`src/Altcha/Form/AltchaModel`

Output

applied fixers:
---------------
* phpdoc_separation

`src/Altcha/AltchaValidator`

Output

applied fixers:
---------------
* trailing_comma_in_multiline

`src/Flag/Controller/FlagController`

Output

applied fixers:
---------------
* ordered_imports

`src/Flag/FlagAccessor`

Output

applied fixers:
---------------
* trailing_comma_in_multiline

`src/Hydra/Client`

Output

applied fixers:
---------------
* global_namespace_import
* trailing_comma_in_multiline
* no_unused_imports
Owner

PHPStan report

[OK] No errors
Owner

Analysis report for file ./misc/images/hydra-sql-standalone/Dockerfile with Hadolint

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

Package ID Severity Installed Version Fixed Version
symfony/http-client CVE-2024-50342 LOW v5.4.44 7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15
symfony/http-foundation CVE-2024-50345 LOW v5.4.44 3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14
symfony/runtime CVE-2024-50340 HIGH v5.4.40 5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7
symfony/security-http CVE-2024-51996 HIGH v5.4.44 6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0
twig/twig CVE-2024-51754 LOW v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1
twig/twig CVE-2024-51755 LOW v3.14.0 3.14.1, 2.0.0, 3.0.0, 3.11.2

No Misconfigurations found

Owner

Analysis report for file ./misc/images/hydra-sql-base/Dockerfile with Hadolint

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

Package ID Severity Installed Version Fixed Version
symfony/http-client CVE-2024-50342 LOW v5.4.44 7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15
symfony/http-foundation CVE-2024-50345 LOW v5.4.44 3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14
symfony/runtime CVE-2024-50340 HIGH v5.4.40 5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7
symfony/security-http CVE-2024-51996 HIGH v5.4.44 6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0
twig/twig CVE-2024-51754 LOW v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1
twig/twig CVE-2024-51755 LOW v3.14.0 3.14.1, 2.0.0, 3.0.0, 3.11.2

No Misconfigurations found

This pull request is marked as a work in progress.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin 4543-add-altcha-to-login:4543-add-altcha-to-login
git checkout 4543-add-altcha-to-login
Reference: Cadoles/hydra-sql#52