{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T18:26:03.079","vulnerabilities":[{"cve":{"id":"CVE-2024-50345","sourceIdentifier":"security-advisories@github.com","published":"2024-11-06T21:15:06.383","lastModified":"2025-11-03T20:16:36.520","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"symfony/http-foundation es un módulo para el framework PHP Symphony que define una capa orientada a objetos para la especificación HTTP. La clase `Request` no analiza las URI con caracteres especiales de la misma forma que lo hacen los navegadores. Como resultado, un atacante puede engañar a un validador que se basa en la clase `Request` para redirigir a los usuarios a otro dominio. Los métodos `Request::create` ahora afirman que la URI no contiene caracteres no válidos según lo definido por https://url.spec.whatwg.org/. Este problema ha sido corregido en las versiones 5.4.46, 6.4.14 y 7.1.7. Se recomienda a los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.46","matchCriteriaId":"9D975006-5AF8-45A1-BDF0-5D876E977FAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.4.14","matchCriteriaId":"12764F68-0CEE-4768-B8AD-BB218CFC8E17"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.1.7","matchCriteriaId":"C62D9AF5-0F1F-493E-A3EF-658F4BCED17A"}]}]}],"references":[{"url":"https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://url.spec.whatwg.org","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00051.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}