
We found results for “”
CVE-2024-50343
Date: November 6, 2024
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a "Validator" configured with a regular expression using the "$" metacharacters, with an input ending with "\n". Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the "D" regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Language: PHP
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Input Validation
CWE-20CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |