Описание
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator
configured with a regular expression using the $
metacharacters, with an input ending with \n
. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D
regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
EPSS
3.1 Low
CVSS3
Дефекты
Связанные уязвимости
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
symfony/validator is a module for the Symphony PHP framework which pro ...
Symfony has an incorrect response from Validator when input ends with `\n`
Уязвимость компонента validator программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
3.1 Low
CVSS3