Description

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-11-06T21:09:46.750Z

Last Modified :

2024-11-07T15:29:50.292Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50340 vulnerability.

Vendors Products
Sensiolabs
  • Symfony
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50340.

URL Resource
https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa cve-icon cve-icon
https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact