In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies.
Consumers are affected if their application meets the following preconditions:
Upgrade Auth0/symfony-auth0 to version 5.8.0 or greater.
Patched version: 5.8.0
CVSS 3.1 score: 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
Exploitability: AV:N, AC:H, PR:L, UI:N
Scope: S:C
Impact: C:H, I:H, A:N