CVE-2024-50343
Publication date 6 November 2024
Last updated 18 February 2025
Ubuntu priority
symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. A `Validator` configured with a regular expression that uses the `$` metacharacter can be tricked by an input ending with `\n`, because `$` also matches just before a trailing newline. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
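The `$` behaviour described above, shown with PHP's own `preg_match` as an added example (not code from Symfony or from this advisory). The helper `withDollarEndOnly`, the pattern and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Symfony's code): return $pattern with the
 * D (PCRE_DOLLAR_ENDONLY) modifier appended when it is missing.
 */
function withDollarEndOnly(string $pattern): string
{
    $pattern = ltrim($pattern);
    if ($pattern === '') {
        throw new InvalidArgumentException('empty pattern');
    }
    // The first character is the delimiter; bracket-style delimiters close
    // with their matching bracket, all others close with the same character.
    $open  = $pattern[0];
    $close = ['(' => ')', '[' => ']', '{' => '}', '<' => '>'][$open] ?? $open;
    $end   = strrpos($pattern, $close);
    if ($end === false || $end === 0) {
        throw new InvalidArgumentException('no closing delimiter');
    }
    // Everything after the closing delimiter is the modifier list.
    $modifiers = substr($pattern, $end + 1);
    // Caveat: PCRE ignores D when the m (multiline) modifier is also set.
    return strpos($modifiers, 'D') !== false ? $pattern : $pattern . 'D';
}

// Constructed pattern of the kind a regex-based constraint might carry.
$pattern = '/^[a-z0-9_]+$/';
$strict  = withDollarEndOnly($pattern);

// Constructed inputs: clean value, trailing newline, embedded newline.
$samples = ["alice", "alice\n", "alice\nbob"];

foreach ($samples as $value) {
    printf(
        "%-14s without D: %d   with D: %d\n",
        json_encode($value),
        preg_match($pattern, $value),
        preg_match($strict, $value)
    );
}
```

Only the input with a trailing newline is treated differently by the two patterns: it passes without `D` and is rejected with it.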
Status
Package | Ubuntu Release | Status |
---|---|---|
symfony | 24.10 oracular | Needs evaluation |
symfony | 24.04 LTS noble | Fixed 6.4.5+dfsg-3ubuntu3+esm1 |
symfony | 22.04 LTS jammy | Fixed 5.4.4+dfsg-1ubuntu8+esm1 |
symfony | 20.04 LTS focal | Fixed 4.3.8+dfsg-1ubuntu1+esm2 |
symfony | 18.04 LTS bionic | Vulnerable |
symfony | 16.04 LTS xenial | Vulnerable |
Notes
hlibk
Patching bionic and below is risky and may introduce regressions. Needs more engagement to make this viable.
References
Related Ubuntu Security Notices (USN)
- USN-7272-1: Symfony vulnerabilities (18 February 2025)