CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-50340 – Ability to change environment from query in symfony/runtime
https://notcve.org/view.php?id=CVE-2024-50340
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/Nyamort/CVE-2024-50340 https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50341 – Security::login does not take into account custom user_checker in symfony/security-bundle
https://notcve.org/view.php?id=CVE-2024-50341
symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom `user_checker` defined on a firewall is not called when Login Programmaticaly with the `Security::login` method, leading to unwanted login. As of versions 6.4.10, 7.0.10 and 7.1.3 the `Security::login` method now ensure to call the configured `user_checker`. All users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/symfony/symfony/commit/22a0789a0085c3ee96f4ef715ecad8255cf0e105 https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v • CWE-287: Improper Authentication •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50342 – Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client
https://notcve.org/view.php?id=CVE-2024-50342
symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the `NoPrivateNetworkHttpClient`, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. As of versions 5.4.46, 6.4.14, and 7.1.7 the `NoPrivateNetworkHttpClient` now filters blocked IPs earlier to prevent such leaks. All users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50343 – Incorrect response from Validator when input ends with `\n` in symfony/validator
https://notcve.org/view.php?id=CVE-2024-50343
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9 • CWE-20: Improper Input Validation •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50345 – Open redirect via browser-sanitized URLs in symfony/http-foundation
https://notcve.org/view.php?id=CVE-2024-50345
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. • https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp https://url.spec.whatwg.org • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •