Vulnerability details: VCID-fhmx-pjm9-zqdd
Vulnerability ID VCID-fhmx-pjm9-zqdd
Aliases CVE-2024-50343
GHSA-g3rh-rrhp-jhh9
Summary Symfony has an incorrect response from Validator when input ends with `\n`

### Description
It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacter, with an input ending with `\n`.

### Resolution
Symfony now uses the `D` regex modifier to match the entire input. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f) for branch 5.4.

### Credits
We would like to thank Offscript for reporting the issue and Alexandre Daubois for providing the fix.
Status Published
Exploitability 0.5
Weighted Severity 2.8
Risk 1.4
System Score Found at
epss 0.00105 https://api.first.org/data/v1/epss?cve=CVE-2024-50343
cvssv3.1_qr LOW https://github.com/advisories/GHSA-g3rh-rrhp-jhh9
cvssv3.1 3.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
generic_textual LOW https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
cvssv3.1 3.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
generic_textual LOW https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
cvssv3.1 3.1 https://github.com/symfony/symfony
generic_textual LOW https://github.com/symfony/symfony
cvssv3.1 3.1 https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
generic_textual LOW https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
ssvc Track https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
cvssv3.1 3.1 https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
cvssv3.1_qr LOW https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
generic_textual LOW https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
ssvc Track https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
cvssv3.1 3.1 https://nvd.nist.gov/vuln/detail/CVE-2024-50343
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2024-50343
cvssv3.1 3.1 https://symfony.com/cve-2024-50343
generic_textual LOW https://symfony.com/cve-2024-50343
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50343.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): none; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/validator/CVE-2024-50343.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/symfony/symfony
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/ Found at https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T15:25:47Z/ Found at https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-50343
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://symfony.com/cve-2024-50343
Exploit Prediction Scoring System (EPSS)
Percentile 0.29485
EPSS Score 0.00105
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:10:37.459809+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-g3rh-rrhp-jhh9/GHSA-g3rh-rrhp-jhh9.json 36.1.3