Description
Symfony allows changing the environment through a query
Description
When the `register_argc_argv` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
Resolution
The `SymfonyRuntime` now ignores the `argv` values for non-CLI SAPI PHP runtimes.
The patch for this issue is available here for branch 5.4.
Credits
We would like to thank Vladimir Dusheyko for reporting the issue and Wouter de Jong for providing the fix.
References
- https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
- https://nvd.nist.gov/vuln/detail/CVE-2024-50340
- https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/runtime/CVE-2024-50340.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2024-50340.yaml
- https://symfony.com/cve-2024-50340
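Packages
- symfony/runtime: affected >= 5.3.0, < 5.4.46; fixed in 5.4.46
- symfony/runtime: affected >= 6.0.0, < 6.4.14; fixed in 6.4.14
- symfony/runtime: affected >= 7.0.0, < 7.1.7; fixed in 7.1.7
- symfony/symfony: affected >= 5.3.0, < 5.4.46; fixed in 5.4.46
- symfony/symfony: affected >= 6.0.0, < 6.4.14; fixed in 6.4.14
- symfony/symfony: affected >= 7.0.0, < 7.1.7; fixed in 7.1.7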
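To check a project against the ranges listed above, the following added example (not part of the advisory or of Symfony's code) audits a `composer.lock` file for the two affected packages. The function names and the sample lock content are constructed for illustration; it assumes the usual `packages` / `packages-dev` arrays with `name` and `version` keys.

```python
import json

# Affected ranges (inclusive lower bound, exclusive fixed release) from the package list above.
AFFECTED = [((5, 3, 0), (5, 4, 46)), ((6, 0, 0), (6, 4, 14)), ((7, 0, 0), (7, 1, 7))]
PACKAGES = {"symfony/runtime", "symfony/symfony"}

def parse_version(text):
    """Turn 'v6.4.13' or '5.4.46' into (6, 4, 13); return None for dev branches."""
    core = text.lstrip("vV").split("-")[0].split("+")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def fixed_release(version):
    """Return the fixed release for an affected version tuple, else None."""
    for low, fixed in AFFECTED:
        if low <= version < fixed:
            return ".".join(map(str, fixed))
    return None

def audit_lock(lock_text):
    """List (package, locked version, action) for every affected or unparsable entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") not in PACKAGES:
                continue
            raw = pkg.get("version", "")
            version = parse_version(raw)
            if version is None:
                # Branch aliases such as dev-main cannot be compared; flag for review.
                findings.append((pkg["name"], raw, "check manually"))
            elif fixed_release(version):
                findings.append((pkg["name"], raw, "upgrade to " + fixed_release(version)))
    return findings

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/runtime", "version": "v6.4.13"},
        {"name": "psr/log", "version": "3.0.0"},
    ],
    "packages-dev": [{"name": "symfony/symfony", "version": "dev-main"}],
})

if __name__ == "__main__":
    for name, locked, action in audit_lock(SAMPLE_LOCK):
        print(f"{name} {locked}: {action}")
```
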
CVSS4: 6.9 Medium
CVSS3: 7.3 High
CVE ID: CVE-2024-50340
Defects
Related vulnerabilities
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argc_argv` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-CLI SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
A vulnerability in the Symfony web application development and management framework, caused by a failure to neutralize special elements, that allows an attacker to execute arbitrary code