Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (1)
| Vulnerability |
Summary |
Aliases |
|
VCID-5ydt-hq1s-n7fx
|
Symfony allows changing the environment through a query
### Description
When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
### Resolution
The `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes
The patch for this issue is available [here](https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa) for branch 5.4.
### Credits
We would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix.
|
CVE-2024-50340
GHSA-x8vp-gf4q-mw5j
|