Package | symfony |
---|---|
Version | 3.4.22+dfsg-2+deb10u4 (buster) |
Related CVEs | CVE-2024-50343 CVE-2024-50345 |
- CVE-2024-50343

  It was discovered that input ending with `\n` could bypass Validators.

- CVE-2024-50345

  Sam Mush discovered that, due to a URI parsing mismatch between common browsers and the Request class, an attacker could supply a specially crafted URI to bypass validation and redirect users to another domain.

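
For CVE-2024-50343, the advisory does not state the mechanism; a common way a trailing `\n` passes a regex-based check is that PCRE's `$` also matches just before a final newline. The following is an added example in plain PHP, not Symfony's or Debian's code, with constructed pattern names and sample values (the helper `patternsAcceptingTrailingNewline` is hypothetical); it reports which patterns accept a valid value with `\n` appended.

```php
<?php
// Added example: plain PCRE behaviour, not Symfony's validator code.
// Pattern names and the sample value are constructed for illustration.

/**
 * Return the names of patterns that accept $validValue with "\n" appended.
 * A pattern listed in the result lets a trailing newline through.
 */
function patternsAcceptingTrailingNewline(array $patterns, string $validValue): array
{
    $affected = [];
    foreach ($patterns as $name => $pattern) {
        if (preg_match($pattern, $validValue) !== 1) {
            continue; // sample does not match this pattern, so there is nothing to compare
        }
        if (preg_match($pattern, $validValue . "\n") === 1) {
            $affected[] = $name;
        }
    }
    return $affected;
}

$patterns = [
    // `$` matches at the end of the subject and also before a final "\n"
    'dollar'          => '/^[a-z0-9_]+$/',
    // D modifier (PCRE_DOLLAR_ENDONLY): `$` matches only at the very end
    'dollar_end_only' => '/^[a-z0-9_]+$/D',
    // \A and \z anchor to the absolute start and end of the subject
    'absolute_end'    => '/\A[a-z0-9_]+\z/',
];

// Prints the names of the patterns that let the trailing newline through.
print_r(patternsAcceptingTrailingNewline($patterns, 'alice_01'));
```

The same check can be run over hand-written patterns elsewhere in an application; it does not replace upgrading to the fixed package.
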
For Debian 10 buster, these problems have been fixed in version 3.4.22+dfsg-2+deb10u4.
We recommend that you upgrade your symfony packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.