VIR Vulnerability Intelligence Relay

CVE-2024-50343

unknown
Published 2024-11-06 · Modified 2025-11-03
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2
VIR risk

Description

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-50343

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed5.4.23+dfsg-1+deb12u3
debian debianbullseyefixed4.4.19+dfsg-2+deb11u7
debian debianforkyfixed6.4.11+dfsg-1
debian debiansidfixed6.4.11+dfsg-1
debian debiantrixiefixed6.4.11+dfsg-1

Package impact
EcosystemPackageVulnerableFixed
php Packagistsymfony/symfony<5.4.435.4.43
php Packagistsymfony/symfony>=6.0.0,<6.4.116.4.11
php Packagistsymfony/symfony>=7.0.0,<7.1.47.1.4
php Packagistsymfony/validator<5.4.435.4.43
php Packagistsymfony/validator>=6.0.0,<6.4.116.4.11
php Packagistsymfony/validator>=7.0.0,<7.1.47.1.4

References

Verify integrity in audit chain (admin only). AS-IS.