Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-50345

Опубликовано: 06 нояб. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 3.1

Описание

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain. The Request::create methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needed

esm-apps/focal

released

4.3.8+dfsg-1ubuntu1+esm2
esm-apps/jammy

released

5.4.4+dfsg-1ubuntu8+esm1
esm-apps/noble

released

6.4.5+dfsg-3ubuntu3+esm1
esm-apps/xenial

needed

focal

ignored

end of standard support, was needed
jammy

needed

noble

needed

oracular

ignored

end of life, was needs-triage

Показывать по

EPSS

Процентиль: 29%
0.00101
Низкий

3.1 Low

CVSS3

Связанные уязвимости

CVSS3: 3.1
nvd
9 месяцев назад

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 3.1
debian
9 месяцев назад

symfony/http-foundation is a module for the Symphony PHP framework whi ...

CVSS3: 3.1
github
9 месяцев назад

Symfony vulnerable to open redirect via browser-sanitized URLs

CVSS3: 3.1
fstec
9 месяцев назад

Уязвимость компонента http-foundation программной платформы для разработки и управления веб-приложениями Symfony, позволяющая нарушителю получить доступ к конфиденциальным данным

CVSS3: 7.3
redos
около 1 месяца назад

Множественные уязвимости php-symfony4

EPSS

Процентиль: 29%
0.00101
Низкий

3.1 Low

CVSS3