VulnerableCode Package Details - pkg:composer/symfony/http-foundation@7.1.7

Search for packages

Package details: pkg:composer/symfony/http-foundation@7.1.7

Essentials
History (2)

purl	pkg:composer/symfony/http-foundation@7.1.7

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-bf8y-eqha-q3cy	Symfony vulnerable to open redirect via browser-sanitized URLs ### Description The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. ### Resolution The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/ The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4. ### Credits We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix.	CVE-2024-50345 GHSA-mrqx-rp3w-jpjp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T14:35:47.117955+00:00	GHSA Importer	Fixing	VCID-bf8y-eqha-q3cy	https://github.com/advisories/GHSA-mrqx-rp3w-jpjp	36.1.3
2025-07-01T12:10:36.324696+00:00	GithubOSV Importer	Fixing	VCID-bf8y-eqha-q3cy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-mrqx-rp3w-jpjp/GHSA-mrqx-rp3w-jpjp.json	36.1.3