mse#4543 - Add altcha to login form and its feature flag to disable it #52

Merged
mlamalle merged 2 commits from 4543-add-altcha-to-login into develop 2025-04-10 16:12:22 +02:00
Owner

Linked ticket: CNOUS/mse#4543

PR on hydra-sql-theme: CNOUS/hydra-sql-mse-theme#12 + CNOUS/hydra-sql-mse-theme#13
PR on sso-kustom: CadolesKube/sso-kustom#72
PR on kustomization: CNOUS/mse-kustom#377

To test:

  • build the hydra-sql image on your own Harbor (or use reg.cadoles.com/gdupont/hydra-sql-base:final-test8)
  • edit the file misc/k8s/kustomization/overlays/dev/patches/hydra-sql-deployment.yaml in the MSE and add your image
  • log in to the MSE and check that altcha is present
  • an alert must appear if the box is not checked
  • if the box is checked, you must be able to log in
gdupont added 2 commits 2025-03-31 14:43:04 +02:00
feat(altcha): add altcha and update dependencies
Some checks failed
Cadoles/hydra-sql/pipeline/head There was a failure building this commit
1cb5ae6bc3
feat(altcha): add altcha validation layer to login
Some checks reported warnings
Cadoles/hydra-sql/pipeline/head This commit is unstable
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable
3f667eede1
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient (https://symfony.com/cve-2024-50342)

symfony/http-foundation (v5.4.44)

  • CVE-2024-50345: Open redirect via browser-sanitized URLs (https://symfony.com/cve-2024-50345)

symfony/runtime (v5.4.40)

  • CVE-2024-50340: Ability to change environment from query (https://symfony.com/cve-2024-50340)

symfony/security-http (v5.4.44)

  • CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie (https://symfony.com/cve-2024-51996)

twig/twig (v3.14.0)

  • CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array (https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array)
  • CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled (https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled)

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 8 |
| Error | 0 |

Total duration: 0s

See details

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/Controller/FlagController` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* no_empty_statement
* trailing_comma_in_multiline
* no_unused_imports
* ordered_imports
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
* ordered_imports
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/Controller/FlagController`

Output

```
applied fixers:
---------------
* ordered_imports
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* global_namespace_import
* trailing_comma_in_multiline
* no_unused_imports
```
Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 2.0.0, 3.0.0, 3.11.2, 3.14.1 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.14.1, 2.0.0, 3.0.0, 3.11.2 |

No Misconfigurations found

Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-base/Dockerfile

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.3.31-pr52.1441.3f667ee (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 7.1.0, 7.1.8, 5.3.0, 5.4.47, 6.2.0, 5.1.0, 6.1.0, 6.4.0, 5.4.0, 4.4.0, 5.0.0, 5.2.0, 6.3.0, 6.4.15 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 3.0.0, 5.0.0, 5.4.0, 7.1.0, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 5.1.0, 5.2.0, 5.3.0, 7.1.7, 4.0.0, 6.3.0, 6.4.14 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 6.3.0, 6.4.14, 5.4.46, 6.1.0, 6.2.0, 6.4.0, 7.1.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.4.15, 7.1.8, 5.4.47, 6.1.0, 6.2.0, 6.4.0, 5.4.0, 6.3.0, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 2.0.0, 3.0.0, 3.11.2, 3.14.1 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.14.1, 2.0.0, 3.0.0, 3.11.2 |

No Misconfigurations found

gdupont force-pushed 4543-add-altcha-to-login from 3f667eede1 to 9cc4c7ac74 2025-04-02 13:33:02 +02:00 Compare
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient (https://symfony.com/cve-2024-50342)

symfony/http-foundation (v5.4.44)

  • CVE-2024-50345: Open redirect via browser-sanitized URLs (https://symfony.com/cve-2024-50345)

symfony/runtime (v5.4.40)

  • CVE-2024-50340: Ability to change environment from query (https://symfony.com/cve-2024-50340)

symfony/security-http (v5.4.44)

  • CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie (https://symfony.com/cve-2024-51996)

twig/twig (v3.14.0)

  • CVE-2024-51754: Unguarded calls to __toString() when nesting an object into an array (https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array)
  • CVE-2024-51755: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled (https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled)

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 8 |
| Error | 0 |

Total duration: 0s

See details

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/Controller/FlagController` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* no_empty_statement
* trailing_comma_in_multiline
* no_unused_imports
* ordered_imports
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
* ordered_imports
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/Controller/FlagController`

Output

```
applied fixers:
---------------
* ordered_imports
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* global_namespace_import
* trailing_comma_in_multiline
* no_unused_imports
```
Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

No Misconfigurations found

Owner

Analysis report for the file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image scan report with [Trivy](https://github.com/aquasecurity/trivy)

Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1332.9cc4c7a (alpine 3.17.1)`

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

No Misconfigurations found

gdupont force-pushed 4543-add-altcha-to-login from 9cc4c7ac74 to fa987f5d44 2025-04-02 14:32:18 +02:00
gdupont changed title from WIP: 4543-add-altcha-to-login to Add altcha to login form and its feature flag to disable it 2025-04-02 14:33:04 +02:00
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • [CVE-2024-50342](https://symfony.com/cve-2024-50342): Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

  • [CVE-2024-50345](https://symfony.com/cve-2024-50345): Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

  • [CVE-2024-50340](https://symfony.com/cve-2024-50340): Ability to change environment from query

symfony/security-http (v5.4.44)

  • [CVE-2024-51996](https://symfony.com/cve-2024-51996): Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

  • [CVE-2024-51754](https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array): Unguarded calls to __toString() when nesting an object into an array
  • [CVE-2024-51755](https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled): Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

See details

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* global_namespace_import
* trailing_comma_in_multiline
* no_unused_imports
```
Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from fa987f5d44 to 4de44dcc8f 2025-04-02 14:36:33 +02:00
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • [CVE-2024-50342](https://symfony.com/cve-2024-50342): Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

  • [CVE-2024-50345](https://symfony.com/cve-2024-50345): Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

  • [CVE-2024-50340](https://symfony.com/cve-2024-50340): Ability to change environment from query

symfony/security-http (v5.4.44)

  • [CVE-2024-51996](https://symfony.com/cve-2024-51996): Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

  • [CVE-2024-51754](https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array): Unguarded calls to __toString() when nesting an object into an array
  • [CVE-2024-51755](https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled): Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

See details

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```
Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image scan report with [Trivy](https://github.com/aquasecurity/trivy)

Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1436.4de44dc (alpine 3.17.1)`

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target `Node.js`

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Target `app/composer.lock`

Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.3.0, 5.4.0, 7.1.8, 7.1.0, 5.1.0, 5.2.0, 5.4.47, 6.3.0, 5.0.0, 6.4.15, 4.4.0, 6.1.0, 6.2.0, 6.4.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.2.0, 5.3.0, 6.3.0, 7.1.7, 5.0.0, 6.1.0, 6.2.0, 4.0.0, 5.1.0, 5.4.0, 7.1.0, 3.0.0, 5.4.46, 6.4.0, 6.4.14 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 7.1.0, 6.1.0, 6.4.14, 6.2.0, 6.3.0, 6.4.0, 7.1.7, 5.4.0, 5.4.46 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 5.4.0, 6.1.0, 6.4.15, 7.1.8, 5.4.47, 6.2.0, 6.3.0, 6.4.0, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 2.0.0, 3.0.0, 3.11.2, 3.14.1 |

No Misconfigurations found

Owner

Analysis report for the file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from 4de44dcc8f to 934eefa802 2025-04-02 15:04:35 +02:00
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • [CVE-2024-50342](https://symfony.com/cve-2024-50342): Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

  • [CVE-2024-50345](https://symfony.com/cve-2024-50345): Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

  • [CVE-2024-50340](https://symfony.com/cve-2024-50340): Ability to change environment from query

symfony/security-http (v5.4.44)

  • [CVE-2024-51996](https://symfony.com/cve-2024-51996): Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

  • [CVE-2024-51754](https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array): Unguarded calls to __toString() when nesting an object into an array
  • [CVE-2024-51755](https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled): Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

See details

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```
Owner

## PHPStan report


 [OK] No errors                                                                 


Owner

## Analysis report for file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

## Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

### Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

#### Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

#### No Misconfigurations found

### Target `Node.js`

#### Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

#### No Misconfigurations found

### Target `app/composer.lock`

#### Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

#### No Misconfigurations found

Owner

## Analysis report for file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

## Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

### Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1504.934eefa (alpine 3.17.1)`

#### Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

#### No Misconfigurations found

### Target `Node.js`

#### Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

#### No Misconfigurations found

### Target `app/composer.lock`

#### Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

#### No Misconfigurations found

gdupont force-pushed 4543-add-altcha-to-login from 934eefa802 to 633e93c129 2025-04-02 16:30:52 +02:00
Owner

Symfony Security Check Report
=============================

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)
-----------------------------

 * [CVE-2024-50342][]: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)
---------------------------------

 * [CVE-2024-50345][]: Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)
-------------------------

 * [CVE-2024-50340][]: Ability to change environment from query

symfony/security-http (v5.4.44)
-------------------------------

 * [CVE-2024-51996][]: Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)
-------------------

 * [CVE-2024-51754][]: Unguarded calls to __toString() when nesting an object into an array
 * [CVE-2024-51755][]: Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

[CVE-2024-50342]: https://symfony.com/cve-2024-50342
[CVE-2024-50345]: https://symfony.com/cve-2024-50345
[CVE-2024-50340]: https://symfony.com/cve-2024-50340
[CVE-2024-51996]: https://symfony.com/cve-2024-51996
[CVE-2024-51754]: https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
[CVE-2024-51755]: https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

# Test report

## PHP CS Fixer

### Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

**Total duration**: 0s

<details>
<summary>See details</summary>

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

</details>

#### Errors

<details>
<summary>`src/Form/LoginType`</summary>

**Output**

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

</details>

<details>
<summary>`src/Altcha/AltchaTransformer`</summary>

**Output**

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

</details>

<details>
<summary>`src/Altcha/Form/AltchaType`</summary>

**Output**

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

</details>

<details>
<summary>`src/Altcha/Form/AltchaModel`</summary>

**Output**

```
applied fixers:
---------------
* phpdoc_separation
```

</details>

<details>
<summary>`src/Altcha/AltchaValidator`</summary>

**Output**

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

</details>

<details>
<summary>`src/Flag/FlagAccessor`</summary>

**Output**

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

</details>

<details>
<summary>`src/Hydra/Client`</summary>

**Output**

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

</details>
Owner

## PHPStan report


 [OK] No errors                                                                 


Owner

## Analysis report for file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

## Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

### Target `reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)`

#### Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

#### No Misconfigurations found

### Target `Node.js`

#### Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

#### No Misconfigurations found

### Target `app/composer.lock`

#### Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

#### No Misconfigurations found

Owner

## Analysis report for file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

## Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

### Target `reg.cadoles.com/cadoles/hydra-sql-base:2025.4.2-pr52.1630.633e93c (alpine 3.17.1)`

#### Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `libcrypto3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `libexpat` | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| `libssl3` | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| `musl-utils` | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

#### No Misconfigurations found

### Target `Node.js`

#### Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `@babel/helpers` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `@babel/runtime` | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| `body-parser` | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| `braces` | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| `cookie` | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `cross-spawn` | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| `express` | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| `http-proxy-middleware` | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| `micromatch` | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| `nanoid` | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| `path-to-regexp` | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| `path-to-regexp` | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| `send` | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| `serve-static` | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| `webpack` | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| `ws` | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

#### No Misconfigurations found

### Target `app/composer.lock`

#### Vulnerabilities (6)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| `symfony/http-client` | CVE-2024-50342 | LOW | v5.4.44 | 5.0.0, 5.2.0, 6.4.0, 5.1.0, 6.1.0, 6.2.0, 4.4.0, 5.4.0, 5.4.47, 6.3.0, 6.4.15, 7.1.0, 7.1.8, 5.3.0 |
| `symfony/http-foundation` | CVE-2024-50345 | LOW | v5.4.44 | 5.0.0, 5.1.0, 6.3.0, 3.0.0, 5.2.0, 5.3.0, 5.4.0, 5.4.46, 6.2.0, 6.4.0, 4.0.0, 6.4.14, 6.1.0, 7.1.7, 7.1.0 |
| `symfony/runtime` | CVE-2024-50340 | HIGH | v5.4.40 | 5.4.0, 5.4.46, 6.4.14, 7.1.0, 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.7 |
| `symfony/security-http` | CVE-2024-51996 | HIGH | v5.4.44 | 6.1.0, 6.2.0, 6.3.0, 6.4.0, 7.1.8, 5.4.0, 5.4.47, 6.4.15, 7.1.0 |
| `twig/twig` | CVE-2024-51754 | LOW | v3.14.0 | 3.0.0, 3.11.2, 3.14.1, 2.0.0 |
| `twig/twig` | CVE-2024-51755 | LOW | v3.14.0 | 3.11.2, 3.14.1, 2.0.0, 3.0.0 |

#### No Misconfigurations found

gdupont changed title from Add altcha to login form and its feature flag to disable it to #4543 - Add altcha to login form and its feature flag to disable it 2025-04-07 13:47:56 +02:00
gdupont changed title from #4543 - Add altcha to login form and its feature flag to disable it to mse#4543 - Add altcha to login form and its feature flag to disable it 2025-04-07 13:48:13 +02:00
gdupont force-pushed 4543-add-altcha-to-login from 633e93c129 to d5f275c739 2025-04-09 17:07:46 +02:00
Owner

Symfony Security Check Report

5 packages have known vulnerabilities.

symfony/http-client (v5.4.44)

  • [CVE-2024-50342](https://symfony.com/cve-2024-50342): Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

symfony/http-foundation (v5.4.44)

  • [CVE-2024-50345](https://symfony.com/cve-2024-50345): Open redirect via browser-sanitized URLs

symfony/runtime (v5.4.40)

  • [CVE-2024-50340](https://symfony.com/cve-2024-50340): Ability to change environment from query

symfony/security-http (v5.4.44)

  • [CVE-2024-51996](https://symfony.com/cve-2024-51996): Authentication Bypass via persisted RememberMe cookie

twig/twig (v3.14.0)

  • [CVE-2024-51754](https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array): Unguarded calls to __toString() when nesting an object into an array
  • [CVE-2024-51755](https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled): Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 0
Skipped 0
Failed 7
Error 0

Total duration: 0s

See details
Status Name Class
src/Form/LoginType
src/Altcha/AltchaTransformer
src/Altcha/Form/AltchaType
src/Altcha/Form/AltchaModel
src/Altcha/AltchaValidator
src/Flag/FlagAccessor
src/Hydra/Client

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

Package ID Severity Installed Version Fixed Version
symfony/http-client CVE-2024-50342 LOW v5.4.44 5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8
symfony/http-foundation CVE-2024-50345 LOW v5.4.44 4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0
symfony/runtime CVE-2024-50340 HIGH v5.4.40 5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0
symfony/security-http CVE-2024-51996 HIGH v5.4.44 5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0
twig/twig CVE-2024-51754 MEDIUM v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1
twig/twig CVE-2024-51755 MEDIUM v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1

No Misconfigurations found

Owner

Analysis report for the file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.4.9-pr52.1707.d5f275c (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Target app/composer.lock

Vulnerabilities (6)

Package ID Severity Installed Version Fixed Version
symfony/http-client CVE-2024-50342 LOW v5.4.44 5.3.0, 5.0.0, 5.4.47, 6.4.15, 5.2.0, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 4.4.0, 5.1.0, 6.2.0, 7.1.0, 7.1.8
symfony/http-foundation CVE-2024-50345 LOW v5.4.44 4.0.0, 5.2.0, 6.3.0, 5.3.0, 6.1.0, 6.4.0, 7.1.0, 7.1.7, 3.0.0, 5.4.0, 5.4.46, 6.4.14, 5.0.0, 5.1.0, 6.2.0
symfony/runtime CVE-2024-50340 HIGH v5.4.40 5.4.0, 5.4.46, 6.2.0, 6.4.0, 7.1.7, 6.1.0, 6.3.0, 6.4.14, 7.1.0
symfony/security-http CVE-2024-51996 HIGH v5.4.44 5.4.47, 6.2.0, 7.1.8, 5.4.0, 6.1.0, 6.3.0, 6.4.0, 6.4.15, 7.1.0
twig/twig CVE-2024-51754 MEDIUM v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1
twig/twig CVE-2024-51755 MEDIUM v3.14.0 2.0.0, 3.0.0, 3.11.2, 3.14.1

No Misconfigurations found

gdupont force-pushed 4543-add-altcha-to-login from d5f275c739 to 3c06f6e09e 2025-04-10 12:56:19 +02:00
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

State Total
Passed 0
Skipped 0
Failed 7
Error 0

Total duration: 0s

See details
Status Name Class
src/Form/LoginType
src/Altcha/AltchaTransformer
src/Altcha/Form/AltchaType
src/Altcha/Form/AltchaModel
src/Altcha/AltchaValidator
src/Flag/FlagAccessor
src/Hydra/Client

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file `./misc/images/hydra-sql-standalone/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

Owner

Analysis report for the file `./misc/images/hydra-sql-base/Dockerfile` with [Hadolint](https://github.com/hadolint/hadolint)

Rien à signaler.
Owner

Image analysis report with [Trivy](https://github.com/aquasecurity/trivy)

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1256.3c06f6e (alpine 3.17.1)

Vulnerabilities (4)

Package ID Severity Installed Version Fixed Version
libcrypto3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
libexpat CVE-2024-50602 MEDIUM 2.6.3-r0 2.6.4-r0
libssl3 CVE-2024-9143 LOW 3.0.15-r0 3.0.15-r1
musl-utils CVE-2025-26519 UNKNOWN 1.2.3-r5 1.2.3-r6

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

Package ID Severity Installed Version Fixed Version
@babel/helpers CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
@babel/runtime CVE-2025-27789 MEDIUM 7.24.1 7.26.10, 8.0.0-alpha.17
body-parser CVE-2024-45590 HIGH 1.20.2 1.20.3
braces CVE-2024-4068 HIGH 3.0.2 3.0.3
cookie CVE-2024-47764 LOW 0.6.0 0.7.0
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
cross-spawn CVE-2024-21538 HIGH 7.0.3 7.0.5, 6.0.6
express CVE-2024-43796 LOW 4.19.2 4.20.0, 5.0.0
http-proxy-middleware CVE-2024-21536 HIGH 2.0.6 2.0.7, 3.0.3
micromatch CVE-2024-4067 MEDIUM 4.0.5 4.0.8
nanoid CVE-2024-55565 MEDIUM 3.3.7 5.0.9, 3.3.8
path-to-regexp CVE-2024-45296 HIGH 0.1.7 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0
path-to-regexp CVE-2024-52798 HIGH 0.1.7 0.1.12
send CVE-2024-43799 LOW 0.18.0 0.19.0
serve-static CVE-2024-43800 LOW 1.15.0 1.16.0, 2.1.0
webpack CVE-2024-43788 MEDIUM 5.91.0 5.94.0
ws CVE-2024-37890 HIGH 8.16.0 5.2.4, 6.2.3, 7.5.10, 8.17.1

No Misconfigurations found

gdupont force-pushed 4543-add-altcha-to-login from 3c06f6e09e to c37eb95ef4 2025-04-10 13:42:54 +02:00 Compare
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```





Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile with Hadolint

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1342.c37eb95 (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| @babel/helpers | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| @babel/runtime | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| body-parser | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| braces | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| cookie | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| express | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| http-proxy-middleware | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| micromatch | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| nanoid | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| path-to-regexp | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| path-to-regexp | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| send | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| serve-static | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| webpack | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| ws | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Owner

Analysis report for the file ./misc/images/hydra-sql-base/Dockerfile with Hadolint

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from c37eb95ef4 to f0bebe781c 2025-04-10 13:57:56 +02:00 Compare
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```





Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile with Hadolint

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| @babel/helpers | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| @babel/runtime | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| body-parser | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| braces | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| cookie | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| express | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| http-proxy-middleware | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| micromatch | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| nanoid | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| path-to-regexp | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| path-to-regexp | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| send | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| serve-static | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| webpack | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| ws | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Owner

Analysis report for the file ./misc/images/hydra-sql-base/Dockerfile with Hadolint

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from f0bebe781c to 0c626ef23c 2025-04-10 14:48:14 +02:00 Compare
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1357.f0bebe7 (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| @babel/helpers | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| @babel/runtime | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| body-parser | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| braces | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| cookie | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| express | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| http-proxy-middleware | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| micromatch | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| nanoid | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| path-to-regexp | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| path-to-regexp | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| send | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| serve-static | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| webpack | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| ws | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```





Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile with Hadolint

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from 0c626ef23c to 49df10a513 2025-04-10 15:04:41 +02:00 Compare
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```





Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile with Hadolint

Rien à signaler.
Owner

Image analysis report with Trivy

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1504.49df10a (alpine 3.17.1)

Vulnerabilities (4)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |

No Misconfigurations found

Target Node.js

Vulnerabilities (17)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| @babel/helpers | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| @babel/runtime | CVE-2025-27789 | MEDIUM | 7.24.1 | 7.26.10, 8.0.0-alpha.17 |
| body-parser | CVE-2024-45590 | HIGH | 1.20.2 | 1.20.3 |
| braces | CVE-2024-4068 | HIGH | 3.0.2 | 3.0.3 |
| cookie | CVE-2024-47764 | LOW | 0.6.0 | 0.7.0 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |
| express | CVE-2024-43796 | LOW | 4.19.2 | 4.20.0, 5.0.0 |
| http-proxy-middleware | CVE-2024-21536 | HIGH | 2.0.6 | 2.0.7, 3.0.3 |
| micromatch | CVE-2024-4067 | MEDIUM | 4.0.5 | 4.0.8 |
| nanoid | CVE-2024-55565 | MEDIUM | 3.3.7 | 5.0.9, 3.3.8 |
| path-to-regexp | CVE-2024-45296 | HIGH | 0.1.7 | 1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
| path-to-regexp | CVE-2024-52798 | HIGH | 0.1.7 | 0.1.12 |
| send | CVE-2024-43799 | LOW | 0.18.0 | 0.19.0 |
| serve-static | CVE-2024-43800 | LOW | 1.15.0 | 1.16.0, 2.1.0 |
| webpack | CVE-2024-43788 | MEDIUM | 5.91.0 | 5.94.0 |
| ws | CVE-2024-37890 | HIGH | 8.16.0 | 5.2.4, 6.2.3, 7.5.10, 8.17.1 |

No Misconfigurations found

Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-base/Dockerfile

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from 49df10a513 to 42def448d1 2025-04-10 15:38:26 +02:00
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile

Rien à signaler.
gdupont force-pushed 4543-add-altcha-to-login from 42def448d1 to 12523398f6 2025-04-10 16:01:27 +02:00
Owner

Symfony Security Check Report

No packages have known vulnerabilities.

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

Owner

Test report

PHP CS Fixer

Overview

| State | Total |
|-------|-------|
| Passed | 0 |
| Skipped | 0 |
| Failed | 7 |
| Error | 0 |

Total duration: 0s

| Status | Name | Class |
|--------|------|-------|
| ⨯ | `src/Form/LoginType` | |
| ⨯ | `src/Altcha/AltchaTransformer` | |
| ⨯ | `src/Altcha/Form/AltchaType` | |
| ⨯ | `src/Altcha/Form/AltchaModel` | |
| ⨯ | `src/Altcha/AltchaValidator` | |
| ⨯ | `src/Flag/FlagAccessor` | |
| ⨯ | `src/Hydra/Client` | |

Errors

`src/Form/LoginType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/AltchaTransformer`

Output

```
applied fixers:
---------------
* no_superfluous_phpdoc_tags
* no_empty_phpdoc
```

`src/Altcha/Form/AltchaType`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Altcha/Form/AltchaModel`

Output

```
applied fixers:
---------------
* phpdoc_separation
```

`src/Altcha/AltchaValidator`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Flag/FlagAccessor`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

`src/Hydra/Client`

Output

```
applied fixers:
---------------
* trailing_comma_in_multiline
```

Owner

PHPStan report


 [OK] No errors                                                                 


Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-standalone/Dockerfile

Rien à signaler.
mlamalle approved these changes 2025-04-10 16:09:58 +02:00
mlamalle merged commit 303b0279f8 into develop 2025-04-10 16:12:22 +02:00
mlamalle deleted branch 4543-add-altcha-to-login 2025-04-10 16:12:24 +02:00
Owner

Trivy image analysis report

Target reg.cadoles.com/cadoles/hydra-sql-standalone:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)

Vulnerabilities (4)

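| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |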

No Misconfigurations found

Target Node.js

Vulnerabilities (1)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |

No Misconfigurations found

Owner

Hadolint analysis report for the file ./misc/images/hydra-sql-base/Dockerfile

Rien à signaler.
Owner

Trivy image analysis report

Target reg.cadoles.com/cadoles/hydra-sql-base:2025.4.10-pr52.1601.1252339 (alpine 3.17.1)

Vulnerabilities (4)

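| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| libcrypto3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| libexpat | CVE-2024-50602 | MEDIUM | 2.6.3-r0 | 2.6.4-r0 |
| libssl3 | CVE-2024-9143 | LOW | 3.0.15-r0 | 3.0.15-r1 |
| musl-utils | CVE-2025-26519 | UNKNOWN | 1.2.3-r5 | 1.2.3-r6 |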

No Misconfigurations found

Target Node.js

Vulnerabilities (1)

| Package | ID | Severity | Installed Version | Fixed Version |
|---------|----|----------|-------------------|---------------|
| cross-spawn | CVE-2024-21538 | HIGH | 7.0.3 | 7.0.5, 6.0.6 |

No Misconfigurations found

Reference: Cadoles/hydra-sql#52