CVE-2024-50345: Open redirect via browser-sanitized URLs

Affected versions

Versions <5.4.46; >=6, <6.4.14; and >=7, <7.1.7 of the Symfony HttpFoundation component are affected by this security issue.

The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

Description

The Request class, does… https://symfony.com/blog/cve-2024-50345-open-redirect-via-browser-sanitized-urls?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Posted 2mo ago | Nov 6, 2024 at 10:40:23

