VulnerableCode Package Details - pkg:composer/symfony/validator@2.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-fhmx-pjm9-zqdd Aliases: CVE-2024-50343 GHSA-g3rh-rrhp-jhh9	Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.	5.4.43 Affected by 0 other vulnerabilities. 6.4.11 Affected by 0 other vulnerabilities. 7.1.4 Affected by 0 other vulnerabilities.
VCID-mrwn-pp7p-ffa9 Aliases: CVE-2013-4751 GHSA-q8j7-fjh7-25v5	Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.	2.3.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-fhmx-pjm9-zqdd
Aliases:
CVE-2024-50343
GHSA-g3rh-rrhp-jhh9

Symfony has an incorrect response from Validator when input ends with `\n` ### Description It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. ### Resolution Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4. ### Credits We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.

5.4.43
Affected by 0 other vulnerabilities.

6.4.11
Affected by 0 other vulnerabilities.

7.1.4
Affected by 0 other vulnerabilities.

VCID-mrwn-pp7p-ffa9
Aliases:
CVE-2013-4751
GHSA-q8j7-fjh7-25v5

Symfony collectionCascaded and collectionCascadedDeeply fields security bypass When using the Validator component, if `Symfony\\Component\\Validator\\Mapping\\Cache\\ApcCache` is enabled (or any other cache implementing `Symfony\\Component\\Validator\\Mapping\\Cache\\CacheInterface`), some information is lost during serialization (the `collectionCascaded` and the `collectionCascadedDeeply` fields). As a consequence, arrays or traversable objects stored in fields using the `@Valid` constraint are not traversed by the validator as soon as the validator configuration is loaded from the cache.

2.3.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:14:56.821080+00:00	GitLab Importer	Affected by	VCID-fhmx-pjm9-zqdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml	37.0.0
2025-07-03T17:37:05.673003+00:00	GitLab Importer	Affected by	VCID-mrwn-pp7p-ffa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml	37.0.0

2025-07-03T19:14:56.821080+00:00

GitLab Importer

Affected by

VCID-fhmx-pjm9-zqdd

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2024-50343.yml

37.0.0

2025-07-03T17:37:05.673003+00:00

GitLab Importer

Affected by

VCID-mrwn-pp7p-ffa9

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/validator/CVE-2013-4751.yml

37.0.0

Next non-vulnerable version	5.4.43
Latest non-vulnerable version	7.1.4
Risk	4.0