Multiple vulnerabilities in Symfony
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-50340 CVE-2024-50342 CVE-2024-50345 CVE-2024-51736 |
| CWE-ID | CWE-20 CWE-918 CWE-601 CWE-426 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Symfony Web applications / CMS |
| Vendor | SensioLabs |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU99967
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50340
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input with enabled register_argv_argc PHP directive. A remote attacker can pass specially crafted URL to the application and manipulate current PHP environment.
Install updates from vendor's website.
Vulnerable software versionsSymfony: 5.0.0 - 7.1.6
CPE2.3- cpe:2.3:a:sensiolabs:symfony:7.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.4:*:*:*:*:*:*:*
http://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU99966
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50342
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a user attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when using NoPrivateNetworkHttpClient. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymfony: 5.0.0 - 7.1.6
CPE2.3- cpe:2.3:a:sensiolabs:symfony:7.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.4:*:*:*:*:*:*:*
http://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Open redirect
EUVDB-ID: #VU99965
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-50345
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data within the Request class. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymfony: 5.0.0 - 7.1.6
CPE2.3- cpe:2.3:a:sensiolabs:symfony:7.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.4:*:*:*:*:*:*:*
http://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Untrusted search path
EUVDB-ID: #VU99964
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-51736
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path within the Process class when calling cmd.exe. A local user can place a malicious binary with name cmd.exe into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSymfony: 5.0.0 - 7.1.6
CPE2.3- cpe:2.3:a:sensiolabs:symfony:7.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:7.1.4:*:*:*:*:*:*:*
http://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
