VulnerableCode Package Details - pkg:composer/symfony/validator@2.2.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-c8ar-82sr-fqej Aliases: CVE-2024-50343 GHSA-g3rh-rrhp-jhh9	Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.	5.4.43 Affected by 0 other vulnerabilities. 6.4.11 Affected by 0 other vulnerabilities. 7.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-c8ar-82sr-fqej
Aliases:
CVE-2024-50343
GHSA-g3rh-rrhp-jhh9

Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.

5.4.43
Affected by 0 other vulnerabilities.

6.4.11
Affected by 0 other vulnerabilities.

7.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-sfzy-423b-j3b4	Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.	CVE-2013-4751 GHSA-q8j7-fjh7-25v5

Vulnerability

Summary

Aliases

VCID-sfzy-423b-j3b4

Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.

CVE-2013-4751
GHSA-q8j7-fjh7-25v5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:13:24.503439+00:00	GitLab Importer	Affected by	VCID-c8ar-82sr-fqej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml	38.4.0
2026-04-16T20:58:21.901850+00:00	GitLab Importer	Fixing	VCID-sfzy-423b-j3b4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	38.4.0
2026-04-12T00:31:54.896171+00:00	GitLab Importer	Affected by	VCID-c8ar-82sr-fqej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml	38.3.0
2026-04-11T22:09:31.164864+00:00	GitLab Importer	Fixing	VCID-sfzy-423b-j3b4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	38.3.0
2026-04-03T00:39:38.534687+00:00	GitLab Importer	Affected by	VCID-c8ar-82sr-fqej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml	38.1.0
2026-04-02T22:22:08.766827+00:00	GitLab Importer	Fixing	VCID-sfzy-423b-j3b4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	38.1.0
2026-04-01T16:39:54.958379+00:00	GitLab Importer	Fixing	VCID-sfzy-423b-j3b4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	38.0.0
2026-04-01T16:00:43.740813+00:00	GHSA Importer	Fixing	VCID-sfzy-423b-j3b4	https://github.com/advisories/GHSA-q8j7-fjh7-25v5	38.0.0
2026-04-01T13:08:55.226371+00:00	GithubOSV Importer	Fixing	VCID-sfzy-423b-j3b4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q8j7-fjh7-25v5/GHSA-q8j7-fjh7-25v5.json	38.0.0