3.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-50345

GHSA ID

GHSA-mrqx-rp3w-jpjp

EPSS Score

0.24074%

CWE

CWE-601

Published

11/6/2024

Updated

11/12/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-50345

CVE-2024-50345:
Symfony vulnerable to open redirect via browser-sanitized URLs

Description

The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain.

Resolution

The Request::create methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/

The patch for this issue is available here for branch 5.4.

Credits

We would like to thank Sam Mush - IPASSLab && ZGC Lab for reporting the issue and Nicolas Grekas for providing the fix.

(GitHub Advisory)

3.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-50345

GHSA ID

GHSA-mrqx-rp3w-jpjp

EPSS Score

0.24074%

CWE

CWE-601

Published

11/6/2024

Updated

11/12/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
symfony/http-foundation	composer	< 5.4.46	5.4.46
symfony/http-foundation	composer	>= 6.0.0, < 6.4.14	6.4.14
symfony/http-foundation	composer	>= 7.0.0, < 7.1.7	7.1.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper URI validation in Request::create. The patch adds explicit checks for invalid characters (backslashes, CR/LF/TAB, leading/trailing control characters) as per WHATWG standards. The commit diff shows these validations were missing in vulnerable versions, making Request::create the entry point for malicious URIs. The function's role in URI parsing and the addition of validation logic in the fix confirm its vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### **s*ription T** `R*qu*st` *l*ss, *o*s not p*rs* URI wit* sp**i*l ***r**t*rs t** s*m* w*y *rows*rs *o. *s * r*sult, *n *tt**k*r **n tri*k * v*li**tor r*lyin* on t** `R*qu*st` *l*ss to r**ir**t us*rs to *not**r *om*in. ### R*solution T** `R*qu*s

Reasoning

T** vuln*r**ility st*mm** *rom improp*r URI v*li**tion in `R*qu*st::*r**t*`. T** p*t** ***s *xpli*it ****ks *or inv*li* ***r**t*rs (***ksl*s**s, *R/L*/T**, l***in*/tr*ilin* *ontrol ***r**t*rs) *s p*r W**TW* st*n**r*s. T** *ommit *i** s*ows t**s* v*li

3.1

Basic Information

Concerned about an active attack path?

CVE-2024-50345: Symfony vulnerable to open redirect via browser-sanitized URLs

Description

Resolution

Credits

3.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-50345:
Symfony vulnerable to open redirect via browser-sanitized URLs

Vulnerability Intelligence
Miggo AI