CVE-2024-50340 : SYMFONY INJECTION

Description

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j

https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa

For More Information

CVERecord

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

CVE-2024-53290 : DELL WYSE PROPRIETARY OS 2408 COMMAND INJECTION

Description Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. An

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

CVE-2024-35117 : IBM OPENPAGES WITH WATSON 9.0 TRACING LOG FILE CLEARTEXT STORAGE

Description IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

CVE-2024-54198 : SAP NETWEAVER APPLICATION SERVER ABAP UP TO KRNL64UC 7.22 RFC REQUEST IMPROPER CONTROL OF DYNAMICALLY-IDENTIFIED VARIABLES

Description In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC)