Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (2)
| Vulnerability |
Summary |
Aliases |
|
VCID-9bzz-84cq-ykh2
|
Symfony vulnerable to open redirect via browser-sanitized URLs
### Description
The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain.
### Resolution
The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4.
### Credits
We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix.
|
CVE-2024-50345
GHSA-mrqx-rp3w-jpjp
|
|
VCID-en6a-wp7q-fbfs
|
Symfony allows changing the environment through a query
### Description
When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
### Resolution
The `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa) for branch 5.4.
### Credits
We would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix.
|
CVE-2024-50340
GHSA-x8vp-gf4q-mw5j
|