CVE-2024-50340MEDIUMPoC≥ 5.3.0, < 5.4.46·≥ 6.0.0, < 6.4.14+1 more2024-11-06
CVE-2024-50340 [MEDIUM] CWE-20 Symfony allows changing the environment through a query
Symfony allows changing the environment through a query
### Description
When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
### Resolution
The `SymfonyRuntime` now ignores the `argv` values for non-cli SAPIs PHP runtimes
The patch for this
ghsaosv