CVE-2024-50343

Summary

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Software

VendorProductVersion RangeStatus
symfonysymfony< 5.4.43affected
symfonysymfony>= 6.0.0, < 6.4.11affected
symfonysymfony>= 7.0.0, < 7.1.4affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References