Search for packages
| purl | pkg:composer/symfony/http-foundation@6.4.14 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bf8y-eqha-q3cy | Symfony vulnerable to open redirect via browser-sanitized URLs ### Description The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. ### Resolution The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/ The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819) for branch 5.4. ### Credits We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix. |
CVE-2024-50345
GHSA-mrqx-rp3w-jpjp |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:14:47.610397+00:00 | GitLab Importer | Fixing | VCID-bf8y-eqha-q3cy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-foundation/CVE-2024-50345.yml | 37.0.0 |
| 2025-07-03T13:57:23.271397+00:00 | GitLab Importer | Fixing | VCID-bf8y-eqha-q3cy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/http-foundation/CVE-2024-50345.yml | 36.1.3 |
| 2025-07-01T14:35:47.075666+00:00 | GHSA Importer | Fixing | VCID-bf8y-eqha-q3cy | https://github.com/advisories/GHSA-mrqx-rp3w-jpjp | 36.1.3 |
| 2025-07-01T12:10:36.295276+00:00 | GithubOSV Importer | Fixing | VCID-bf8y-eqha-q3cy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-mrqx-rp3w-jpjp/GHSA-mrqx-rp3w-jpjp.json | 36.1.3 |