CVE-2024-50343

low

Description

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression that uses the `$` metacharacter by supplying an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
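The behaviour described above, shown with plain `preg_match` as an added example (not Symfony's own code). The helper names, the sample pattern and the input values are constructed for illustration; the comparison is between a pattern as written and the same pattern with the `D` modifier appended.

```php
<?php
// Added example (not Symfony's code); pattern and inputs are constructed samples.

// Hypothetical helper: return the modifiers that trail the closing delimiter.
function patternModifiers(string $pattern): string
{
    // Bracket-style delimiters close with their counterpart; others repeat.
    $closing = ['(' => ')', '[' => ']', '{' => '}', '<' => '>'];
    $open = $pattern[0];
    $close = $closing[$open] ?? $open;

    return (string) substr($pattern, strrpos($pattern, $close) + 1);
}

// Hypothetical helper: append the PCRE `D` (PCRE_DOLLAR_ENDONLY) modifier
// unless the pattern already carries it.
function withDollarEndOnly(string $pattern): string
{
    return strpos(patternModifiers($pattern), 'D') === false
        ? $pattern . 'D'
        : $pattern;
}

$pattern  = '/^[a-z0-9_]+$/';            // appears to anchor the whole value
$hardened = withDollarEndOnly($pattern); // same pattern with `D` appended

// Without `D`, `$` also matches just before a single trailing newline,
// so "alice\n" is accepted by $pattern and rejected by $hardened.
foreach (["alice", "alice\n", "alice\n\n", "ali\nce"] as $value) {
    printf(
        "%-12s as-written=%d with-D=%d\n",
        json_encode($value),
        preg_match($pattern, $value),
        preg_match($hardened, $value)
    );
}
```

PCRE ignores `D` when the `m` modifier is also set; in patterns you control directly, `\z` anchors to the absolute end of the subject regardless of modifiers.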

References

https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9

https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f

Details

Source: Mitre, NVD

Published: 2024-11-06

Updated: 2024-11-08

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low