Overview
- Description
- symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argc_argv` PHP directive is set to `on` and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7, the `SymfonyRuntime` ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-74
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Symfony CVE-2024-50340: Ability to change environment from query | #PHPNews #PHP https://t.co/kxjw95kaHW
@imabit_inc
17 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for Symfony CVE-2024-50340 (forked eos) https://t.co/uLRsdgAuX9 #Pentesting #Exploit #CyberSecurity #Infosec https://t.co/NkqtmmlgLF
@ptracesecurity
12 Nov 2024
1406 Impressions
3 Retweets
14 Likes
8 Bookmarks
0 Replies
0 Quotes
Symfony CVE-2024-50340: Ability to change environment from query https://t.co/cBw0nQamfA Discussions: https://t.co/DbWpz9YnH4 #php #programming
@PHPDiscussions
10 Nov 2024
86 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - Nyamort/CVE-2024-50340 - https://t.co/3WnpIPv4uO
@piedpiper1616
7 Nov 2024
783 Impressions
5 Retweets
5 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2024-50340 Privilege Escalation in Symfony via Crafted Query String The symfony/runtime module for the Symfony PHP framework helps separate PHP apps from global settings. If `register_argv_argc` is on, and a... https://t.co/7hLiWz1Q8M
@VulmonFeeds
7 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50340 symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is… https://t.co/ut6qxmO6su
@CVEnew
6 Nov 2024
456 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 CVE-2024-50340: Ability to change environment from query ➡️ https://t.co/ittWVy2JjE #symfony
@symfony
6 Nov 2024
13986 Impressions
15 Retweets
55 Likes
15 Bookmarks
2 Replies
5 Quotes