Overview
- Description
- symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 3.1
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
- Severity
- LOW
Weaknesses
- security-advisories@github.com
- CWE-601
Social media
CVE-2024-50345 Improper URI Parsing Allows Open Redirect in Symfony Http-Foundation Module The symfony/http-foundation module is part of the Symfony PHP framework. It provides an object-oriented layer for handli... https://t.co/PlZY6RrWnY
@VulmonFeeds
7 Nov 2024
CVE-2024-50345 symfony/http-foundation is a module for the Symfony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not pa… https://t.co/UCRc0hhmMF
@CVEnew
6 Nov 2024