CVE-2024-50345

CVSS 3.1 Score 3.1 of 10 (low)

Details

Published Nov 6, 2024

Updated: Nov 8, 2024

CWE ID 601

Summary

CVE-2024-50345 is a vulnerability affecting the symfony/http-foundation module in the Symfony PHP framework. This module defines an object-oriented layer for the HTTP specification, and the `Request` class within it fails to parse URIs with special characters in the same way browsers do. An attacker can exploit this issue to trick a validator relying on the `Request` class into redirecting users to a different domain. The vulnerability has been addressed in versions 5.4.46, 6.4.14, and 7.1.7 of the framework, and users are strongly advised to upgrade as soon as possible. There are currently no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database