Search for packages
| purl | pkg:composer/symfony/runtime@6.4.14 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5ydt-hq1s-n7fx | Symfony allows changing the environment through a query ### Description When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. ### Resolution The `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes The patch for this issue is available [here](https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa) for branch 5.4. ### Credits We would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix. |
CVE-2024-50340
GHSA-x8vp-gf4q-mw5j |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T19:14:58.952661+00:00 | GitLab Importer | Fixing | VCID-5ydt-hq1s-n7fx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/runtime/CVE-2024-50340.yml | 37.0.0 |
| 2025-07-03T13:57:23.717588+00:00 | GitLab Importer | Fixing | VCID-5ydt-hq1s-n7fx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/runtime/CVE-2024-50340.yml | 36.1.3 |
| 2025-07-01T14:35:46.604077+00:00 | GHSA Importer | Fixing | VCID-5ydt-hq1s-n7fx | https://github.com/advisories/GHSA-x8vp-gf4q-mw5j | 36.1.3 |
| 2025-07-01T12:10:33.004953+00:00 | GithubOSV Importer | Fixing | VCID-5ydt-hq1s-n7fx | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-x8vp-gf4q-mw5j/GHSA-x8vp-gf4q-mw5j.json | 36.1.3 |