CVE-2024-50343

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Nov 6, 2024

CWE ID 20

Summary

CVE-2024-50343 affects the symfony/validator module in the Symphony PHP framework, which is used for input validation. Maliciously crafted input, ending with `\\n`, can trick the `Validator` into treating the input as complete instead of matching the entire input with regular expressions. This issue is present in Symfony versions 5.4.43, 6.4.11, and 7.1.4. To mitigate this vulnerability, users are advised to upgrade to versions that utilize the `D` regex modifier, such as those mentioned above. There are currently no known workarounds for this security flaw.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/zv4kcD
https://www.cve.org/CVERecord?id=CVE-2024-50343
https://nvd.nist.gov/vuln/detail/CVE-2024-50343

Back to Vulnerability Database

CVE-2024-50343

CVSS 3.1 Score 3.1 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations