Search for packages
| purl | pkg:composer/symfony/runtime@5.4.35 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5ydt-hq1s-n7fx
Aliases: CVE-2024-50340 GHSA-x8vp-gf4q-mw5j |
Symfony allows changing the environment through a query ### Description When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. ### Resolution The `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes The patch for this issue is available [here](https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa) for branch 5.4. ### Credits We would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:14:58.851256+00:00 | GitLab Importer | Affected by | VCID-5ydt-hq1s-n7fx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/runtime/CVE-2024-50340.yml | 37.0.0 |