Symfony Module Security Update Advisory (CVE-2024-50340)

Nov 13 2024

Overview

An update has been released to address vulnerabilities in Symfony Module. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-50340

Symfony versions: ~ 5.4.46 (excluded)
Symfony versions: 6 (inclusive) ~ 6.4.14 (excluded)
Symfony versions: 7 (inclusive) ~ 7.1.7 (excluded)

Resolved Vulnerabilities

Vulnerability in the symfony/runtime module of the Symfony PHP framework, when the register_argv_argc PHP directive is enabled, allows specially crafted query strings to change the environment or debug mode (CVE-2024-50340)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-50340

Symfony version: 5.4.46
Symfony version: 6.4.14
Symfony version: 7.1.7

References Sites

[1] CVE-2024-50340 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-50340

[2] Ability to change environment from query

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

[3] Symfony/Commit

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

Symfony Module Security Update Advisory (CVE-2024-50340)

WordPress Theme Security Update Advisory (CVE-2024-10470)

Microsoft Product Suite November 2024 Security Update Advisory

Tags:

WordPress Theme Security Update Advisory (CVE-2024-10470)

Microsoft Product Suite November 2024 Security Update Advisory