CVE-2024-50343 Information

Description

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters with an input ending with \n. Symfony as of versions 5.4.43 6.4.11 and 7.1.4 now uses the D regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Reference

https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9 https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f