UBUNTU-CVE-2024-50340

Source
https://ubuntu.com/security/CVE-2024-50340
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-50340.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-50340
Published
2024-11-06T21:15:00Z
Modified
2024-11-13T16:35:19Z
Summary
[none]
Details

symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the register_argv_argc PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7, the SymfonyRuntime ignores the argv values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected packages

Ubuntu:Pro:16.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.7.1+dfsg-1
2.7.5+dfsg-1
2.7.9+dfsg-1
2.7.9+dfsg-1ubuntu2
2.7.10-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.8.7+dfsg-1.3ubuntu1

3.*

3.4.3+dfsg-1ubuntu4
3.4.6+dfsg-1
3.4.6+dfsg-1ubuntu0.1
3.4.6+dfsg-1ubuntu0.1+esm1
3.4.6+dfsg-1ubuntu0.1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*

4.3.4+dfsg-1ubuntu1
4.3.8+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.2.6+dfsg-1ubuntu7
5.4.4+dfsg-1ubuntu8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.4.5+dfsg-3ubuntu3
6.4.10+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / symfony

Package

Name
symfony
Purl
pkg:deb/ubuntu/symfony?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

5.*

5.4.23+dfsg-1ubuntu1
5.4.35+dfsg-3ubuntu1

6.*

6.4.5+dfsg-3ubuntu2
6.4.5+dfsg-3ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}