CVE-2024-50345

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Nov 6, 2024
CWE ID 601

Summary

CVE-2024-50345 is a vulnerability affecting the symfony/http-foundation module in the Symfony PHP framework. The `Request` class within this module does not parse URIs containing special characters the same way browsers do, which lets an attacker manipulate validators that rely on it. The consequence is unintended redirection to different domains. To mitigate this issue, users are advised to upgrade to version 5.4.46, 6.4.14, or 7.1.7. There are no known workarounds for this vulnerability, so upgrading is the most effective solution.
