CVE-2024-50343: Incorrect response from Validator when input ends with `\n`

Affected versions

Symfony versions <5.4.43; >=6, <6.4.11; >=7, <7.1.4 of the Symfony Validator component are affected by this security issue.

The issue has been fixed in Symfony 5.4.43, 6.4.11, and 7.1.4.

Description

It is possible to trick a… https://symfony.com/blog/cve-2024-50343-incorrect-response-from-validator-when-input-ends-with-n?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Created 9d | 6 Nov. 2024, 10:40:22


Other posts in this group

New in Symfony 7.2: Redesigned TypeInfo Component

Contributed by Mathias Arlaud in

15 Nov. 2024, 10:30:25 | Symfony
SymfonyOnline January 2025 is coming up soon - join us online!

SymfonyOnline January 2025 is coming up soon, running on January 16-17, and it’s going to be a great two-day online conference! Get ready for top-notch insights, inspiring schedule & speake

14 Nov. 2024, 18:21:35 | Symfony
New in Symfony 7.2: New Command Options

In Symfony 7.2, we've improved many existing commands with new options and features.

Resolve Env Vars when Linting the Container

14 Nov. 2024, 11:20:23 | Symfony
Symfony 7.1.8 released

Symfony 7.1.8 has just been released. Here is the list of the most important changes since 7.1.7:

security #cve-2024-50342 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient (@nicolas-g

13 Nov. 2024, 16:50:05 | Symfony
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

Affected versions

Symfony versions >=5.3, <5.4.47; >=6, <6.4.15; >=7, <7.1.8 of the Symfony Security-Http component are affected by this security issue.

The issue has been fixed in Symfony

13 Nov. 2024, 16:50:04 | Symfony
Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

The patch released last week for CVE-2024-50342 was incomplete. New versions have just been released to address it. https://symfony.com/blog/update-for-cve-2024-50342-internal-address-and-port-enumera

13 Nov. 2024, 16:50:03 | Symfony
Symfony 7.2.0-RC1 released

Symfony 7.2.0-RC1 has just been released. Here is the list of the most important changes since 7.2.0-BETA2:

feature #58852 [TypeInfo] Remove @experimental tag (@mtarld)

feature #57630 [TypeInfo]

13 Nov. 2024, 16:50:02 | Symfony