10 matches found
GHSA-FQC7-9XJW-JRH3 SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch
Description CVE-2024-50340 GHSA-x8vp-gf4q-mw5j addressed an issue where, with registerargcargv=On, a crafted query string let an unauthenticated GET change the kernel environment and debug flag by feeding --env/--no-debug through $SERVER'argv'. The fix shipped in symfony/runtime 5.4.46 / 6.4.14 /...
Interpretation Conflict
Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...
PT-2026-48343
Name of the Vulnerable Software and Affected Versions Symfony versions 5.4.46 through 5.4.51 Symfony versions 6.4.14 through 6.4.39 Symfony versions 7.1.7 through 7.4.11 Symfony versions 8.0.12 Description An issue exists where an unauthenticated user can modify the kernel environment and debug...
Arbitrary Argument Injection
Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when registerargcargv=On in web SAPIs. An attacker can modify the Symfony application environment and...
Astra Linux – Vulnerability in symfony
symfony/runtime is a module for the Symphony PHP framework that enables decoupling PHP applications from global state. When the registerargvargc PHP directive is set to on, and users call any URL with a specially crafted query string, they can change the environment or debug mode used by the kern...
CVE-2024-50340
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
Local File Inclusion (LFI)
symfony/runtime is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper handling of the argv values in non-SAPI PHP runtimes, where the registerargvargc directive is set to on, allowing attackers to craft query strings that modify the environment or debug settings used by...
DEBIAN-CVE-2024-50340
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
CVE-2024-50340 Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
CVE-2024-50340 Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...