VulnerableCode Package Details - pkg:composer/symfony/validator@2.3.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-fhmx-pjm9-zqdd Aliases: CVE-2024-50343 GHSA-g3rh-rrhp-jhh9	Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.	5.4.43 Affected by 0 other vulnerabilities. 6.4.11 Affected by 0 other vulnerabilities. 7.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fhmx-pjm9-zqdd
Aliases:
CVE-2024-50343
GHSA-g3rh-rrhp-jhh9

Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.

5.4.43
Affected by 0 other vulnerabilities.

6.4.11
Affected by 0 other vulnerabilities.

7.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-mrwn-pp7p-ffa9	Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.	CVE-2013-4751 GHSA-q8j7-fjh7-25v5

Vulnerability

Summary

Aliases

VCID-mrwn-pp7p-ffa9

Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.

CVE-2013-4751
GHSA-q8j7-fjh7-25v5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:14:56.825177+00:00	GitLab Importer	Affected by	VCID-fhmx-pjm9-zqdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml	37.0.0
2025-07-03T17:37:05.677161+00:00	GitLab Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	37.0.0
2025-07-03T13:54:51.532135+00:00	GitLab Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	36.1.3
2025-07-01T14:31:54.477073+00:00	GHSA Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://github.com/advisories/GHSA-q8j7-fjh7-25v5	36.1.3
2025-07-01T12:27:19.460488+00:00	GithubOSV Importer	Fixing	VCID-mrwn-pp7p-ffa9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q8j7-fjh7-25v5/GHSA-q8j7-fjh7-25v5.json	36.1.3