symfony/symfony Security Advisories for v7.1.7 (3)
- [HIGH] CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass
PKSA-nqwp-2kdm-491t CVE-2025-64500 GHSA-3rg7-wf37-54rm
Affected version: >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.7
Reported by: GitHub, FriendsOfPHP/security-advisories
- CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
PKSA-yvfh-tnnw-3w9h CVE-2024-51996
Affected version: >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Reported by: FriendsOfPHP/security-advisories
- [LOW] CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
PKSA-vxd1-4ssb-3qdw CVE-2024-50342 GHSA-9c3x-r3wp-mgxm
Affected version: >=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8
Reported by: GitHub, FriendsOfPHP/security-advisories