CVE-2024-50345

LOW Year: 2024
CVSS v3 Score
3.1
Low
Weakness Type
CWE-601
View all →

Vulnerability Description

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-14882

LOW
CVSS:3.1(Low)

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

CWE-6012019

CVE-2022-44717

LOW
CVSS:3.1(Low)

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted ...

CWE-6012022

CVE-2024-21684

LOW
CVSS:3.1(Low)

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerabi...

CWE-6012024

CVE-2024-28344

LOW
CVSS:3.1(Low)

An Open Redirect vulnerability was found in Sipwise C5 NGCP Dashboard below mr11.5.1. The Open Redirect vulnerability allows attackers to control the "back" parameter in the URL through a double encod...

CWE-6012024

CVE-2023-3515

LOW
CVSS:3.0(Low)

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.

CWE-6012023