CVE-2024-50345
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50345
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50345.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-50345
- Aliases
- Related
- Published
- 2024-11-06T21:15:06Z
- Modified
- 2024-11-11T21:48:47.323005Z
- Summary
- [none]
- Details
-
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The
Requestclass, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on theRequestclass to redirect users to another domain. TheRequest::createmethods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. - References
Affected packages
Debian:11 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.4.19+dfsg-2
4.4.19+dfsg-2+deb11u1
4.4.19+dfsg-2+deb11u2
4.4.19+dfsg-2+deb11u3
4.4.19+dfsg-2+deb11u4
4.4.19+dfsg-2+deb11u5
4.4.19+dfsg-2+deb11u6
4.4.19+dfsg-3
5.*
5.0.0~beta2-1
5.0.2-1
5.0.4-1
5.2.1+dfsg-1
5.2.2+dfsg-1
5.2.3+dfsg-1
5.2.4+dfsg-1
5.2.5+dfsg-1
5.2.6+dfsg-1
5.3.9+dfsg-1
5.3.10+dfsg-1
5.3.12+dfsg-1
5.3.12+dfsg-2
5.4.0~beta1+dfsg-1
5.4.0~beta2+dfsg-1
5.4.0~beta3+dfsg-1
5.4.0~rc1+dfsg-1
5.4.0~rc1+dfsg-2
5.4.0~rc1+dfsg-3
5.4.0+dfsg-1
5.4.0+dfsg-2
5.4.1+dfsg-1
5.4.2+dfsg-1
5.4.2+dfsg-2
5.4.2+dfsg-3
5.4.4+dfsg-1
5.4.6+dfsg-1
5.4.8+dfsg-1
5.4.9+dfsg-1
5.4.9+dfsg-2
5.4.10+dfsg-1
5.4.11+dfsg-1
5.4.11+dfsg-2
5.4.12+dfsg-1
5.4.12+dfsg-2
5.4.13+dfsg-1
5.4.14+dfsg-1
5.4.15+dfsg-1
5.4.16+dfsg-1
5.4.18+dfsg-1
5.4.18+dfsg-2
5.4.18+dfsg-3
5.4.19+dfsg-1
5.4.20+dfsg-1
5.4.21+dfsg-1
5.4.22+dfsg-1
5.4.22+dfsg-2
5.4.22+dfsg-3
5.4.23+dfsg-1
5.4.24+dfsg-1
5.4.25+dfsg-1
5.4.27+dfsg-1
5.4.28+dfsg-1
5.4.29+dfsg-1
5.4.30+dfsg-1
5.4.31+dfsg-1
5.4.31+dfsg-2
5.4.32+dfsg-1
5.4.33+dfsg-1
5.4.34+dfsg-1
5.4.34+dfsg-2
5.4.35+dfsg-1
5.4.35+dfsg-2
5.4.35+dfsg-3
6.*
6.3.0~rc1+dfsg-1
6.3.0~rc2+dfsg-1
6.3.0+dfsg-1
6.3.1+dfsg-1
6.3.3+dfsg-1
6.3.4+dfsg-1
6.3.5+dfsg-1
6.3.6+dfsg-1
6.3.7+dfsg-1
6.4.0~beta2+dfsg-1
6.4.0~beta3+dfsg-1
6.4.0~rc1+dfsg-1
6.4.0~rc2+dfsg-1
6.4.0+dfsg-1
6.4.1+dfsg-1
6.4.2+dfsg-1
6.4.3+dfsg-1
6.4.4+dfsg-1
6.4.4+dfsg-2
6.4.4+dfsg-3
6.4.4+dfsg-4
6.4.5+dfsg-1
6.4.5+dfsg-2
6.4.5+dfsg-3
6.4.5+dfsg-4
6.4.6+dfsg-1
6.4.7+dfsg-1
6.4.9+dfsg-1
6.4.10+dfsg-1
6.4.11+dfsg-1
6.4.12+dfsg-1
6.4.13+dfsg-1
6.4.14+dfsg-1
7.*
7.0.4+dfsg-1
7.0.5+dfsg-1
7.0.6+dfsg-1
7.0.7+dfsg-1
7.1.0~beta1+dfsg-1
7.1.0~rc1+dfsg-1
7.1.2+dfsg-1
7.1.3+dfsg-1
7.1.4+dfsg-1
7.1.5+dfsg-1
7.2.0~beta1+dfsg-1
7.2.0~beta2+dfsg-1
Debian:12 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Debian:13 / symfony
Package
- Name
- symfony
- Purl
- pkg:deb/debian/symfony?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.4.14+dfsg-1
Affected versions
5.*
5.4.23+dfsg-1
5.4.24+dfsg-1
5.4.25+dfsg-1
5.4.27+dfsg-1
5.4.28+dfsg-1
5.4.29+dfsg-1
5.4.30+dfsg-1
5.4.31+dfsg-1
5.4.31+dfsg-2
5.4.32+dfsg-1
5.4.33+dfsg-1
5.4.34+dfsg-1
5.4.34+dfsg-2
5.4.35+dfsg-1
5.4.35+dfsg-2
5.4.35+dfsg-3
6.*
6.3.0~rc1+dfsg-1
6.3.0~rc2+dfsg-1
6.3.0+dfsg-1
6.3.1+dfsg-1
6.3.3+dfsg-1
6.3.4+dfsg-1
6.3.5+dfsg-1
6.3.6+dfsg-1
6.3.7+dfsg-1
6.4.0~beta2+dfsg-1
6.4.0~beta3+dfsg-1
6.4.0~rc1+dfsg-1
6.4.0~rc2+dfsg-1
6.4.0+dfsg-1
6.4.1+dfsg-1
6.4.2+dfsg-1
6.4.3+dfsg-1
6.4.4+dfsg-1
6.4.4+dfsg-2
6.4.4+dfsg-3
6.4.4+dfsg-4
6.4.5+dfsg-1
6.4.5+dfsg-2
6.4.5+dfsg-3
6.4.5+dfsg-4
6.4.6+dfsg-1
6.4.7+dfsg-1
6.4.9+dfsg-1
6.4.10+dfsg-1
6.4.11+dfsg-1
6.4.12+dfsg-1
6.4.13+dfsg-1