Symfony Runtime Ignores Arguments in Non-SAPI PHP Runtimes
CVE-2024-50340
Key Information:
- Vendor: Symfony
- CVE Published: 6 November 2024
What is CVE-2024-50340?
CVE-2024-50340 affects the Symfony Runtime component in versions =6, =7, and <7.1.7 and allows unauthorized access to sensitive resources. By appending ?+--env=dev to a URL, an attacker can force the application into the dev environment, which exposes the Symfony profiler to remote access. This can leak sensitive information and potentially lead to arbitrary code execution. The issue is fixed in Symfony 5.4.46, 6.4.14, and 7.1.7, and all users are advised to upgrade. There are no known workarounds for this vulnerability.
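
For reviewing web access logs while the upgrade is rolled out, the following Python is an added example (not code from Symfony or from this page) that flags requests whose query string carries the ?+--env=dev pattern described above. It goes slightly beyond the page by reporting any --name[=value] token found when the query is split on "+"; the function names, the common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line and status inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A long-option-shaped token such as --env=dev (name, optional =value).
OPTION_RE = re.compile(r'^--(?P<name>[A-Za-z][\w-]*)(?:=(?P<value>.*))?$')


def argv_tokens(query):
    """Split a raw query string on '+', the separator seen in ?+--env=dev."""
    # Percent-escapes are decoded so encoded spellings are normalized before matching.
    return [unquote(tok) for tok in query.split('+') if tok]


def find_option_like_requests(log_lines):
    """Return (line_no, path, option, value, status) for each flagged request."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        parts = urlsplit(m.group('target'))
        for tok in argv_tokens(parts.query):
            opt = OPTION_RE.match(tok)
            if opt:
                hits.append((line_no, parts.path, opt.group('name'),
                             opt.group('value'), int(m.group('status'))))
    return hits


# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Nov/2024:10:00:01 +0000] "GET /?+--env=dev HTTP/1.1" 200 5120',
    '203.0.113.7 - - [06/Nov/2024:10:00:02 +0000] "GET /login?+--env=dev HTTP/1.1" 200 9216',
    '198.51.100.4 - - [06/Nov/2024:10:00:03 +0000] "GET /search?q=symfony+env HTTP/1.1" 200 812',
    '198.51.100.4 - - [06/Nov/2024:10:00:04 +0000] "GET /docs?env=dev HTTP/1.1" 200 640',
    '192.0.2.9 - - [06/Nov/2024:10:00:05 +0000] "GET /a?x=1+--env=prod HTTP/1.1" 404 120',
    'malformed line without a request',
]

if __name__ == '__main__':
    for hit in find_option_like_requests(SAMPLE_LOG):
        print(hit)
```

Ordinary parameters such as ?env=dev or ?q=symfony+env are not flagged; only tokens shaped like command-line long options are.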

News Articles
Understanding CVE-2024-50340 - Remote Access to Symfony Profiler - IONIX
CVE-2024-50340 A security issue in Symfony versions =6, =7, <7.1.7 of the Symfony Runtime component allows unauthorized access to sensitive resources.
EPSS Score
85% chance of being exploited in the next 30 days.
Timeline
- First article discovered by IONIX
- Vulnerability published
