GHSA-QQ5C-677P-737Q Symfony vulnerable to command execution hijack on Windows with Process class
Description On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking. Resolution The Process class now uses the absolute path to cmd.exe. The patch for this...
GHSA-MRQX-RP3W-JPJP Symfony vulnerable to open redirect via browser-sanitized URLs
Description The Request class does not parse URIs with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain. Resolution The Request::create methods now assert the URI does not contain invalid...
GHSA-G3RH-RRHP-JHH9 Symfony has an incorrect response from Validator when input ends with `\n`
Description It is possible to trick a Validator configured with a regular expression using the $ metacharacter, with an input ending with \n. Resolution Symfony now uses the D regex modifier to match the entire input. The patch for this issue is available here for branch 5.4. Credits We would li...
GHSA-9C3X-R3WP-MGXM Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Description When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port enumeration. Resolution The NoPrivateNetworkHttpClient now filters blocked IPs earlier to prevent such leaks. The first patch for this issue is...
GHSA-M2WJ-R6G3-FXFX Symfony possible session fixation vulnerability
Description SessionStrategyListener does not always migrate the session after a successful login. It only migrates the session when the logged-in user identifier changes. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token...