Affected versions
Twig versions <3.11.2; >=3.12,<3.14.1 are affected by this security issue.
The issue has been fixed in Twig 3.11.2 and 3.14.1. Note that Twig versions 1 and 2 are not maintained anymore and are vulnerable.
Description
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Process component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
On Window, when an executable… https://symfony.com/blog/cve-2024-51736-command-execution-hijack-on-windows-with-process-class?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpFoundation component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
The Request class, does… https://symfony.com/blog/cve-2024-50345-open-redirect-via-browser-sanitized-urls?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions <5.4.43; >=6, <6.4.11; >=7, <7.1.4 of the Symfony Validator component are affected by this security issue.
The issue has been fixed in Symfony 5.4.43, 6.4.11, and 7.1.4.
Description
It is possible to trick a… https://symfony.com/blog/cve-2024-50343-incorrect-response-from-validator-when-input-ends-with-n?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Symfony 5.4.46 has just been released. Here is the list of the most important changes since 5.4.45:
bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)security #cve-2024-51736 [Process] Use PATH before… https://symfony.com/blog/symfony-5-4-46-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions >=6.2, <6.4.10; >=7.0, <7.0.10; >=7.1, <7.1.3 of the Symfony SecurityBundle component are affected by this security issue.
The issue has been fixed in Symfony 6.4.10, 7.0.10, and 7.1.3.
Description
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony HttpClient component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
When using the NoPrivateNetworkHttpClient,… https://symfony.com/blog/cve-2024-50342-internal-address-and-port-enumeration-allowed-by-noprivatenetworkhttpclient?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Affected versions
Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Runtime component are affected by this security issue.
The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.
Description
When the register_argv_argc… https://symfony.com/blog/cve-2024-50340-ability-to-change-environment-from-query?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Symfony 6.4.14 has just been released. Here is the list of the most important changes since 6.4.13:
bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)security #cve-2024-51736 [Process] Use PATH before… https://symfony.com/blog/symfony-6-4-14-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
Symfony 7.1.7 has just been released. Here is the list of the most important changes since 7.1.6:
bug #58772 [DoctrineBridge] Backport detection fix of Xml/Yaml driver in DoctrineExtension (@MatTheCat)security #cve-2024-51736 [Process] Use PATH before… https://symfony.com/blog/symfony-7-1-7-released?utm_source=Symfony%20Blog%20Feed&utm_medium=feed
