Go back to All Blog posts

Understanding CVE-2024-50340 – Remote Access to Symfony Profiler

Nethanel Gelernter
November 12th, 2024

IONIX Tracks CVE-2024-50340 Symfony Profiler – See if You’re Impacted

What is Symfony Profiler?

Symfony Profiler is a development tool that gives detailed information about the execution of any request.

Symfony Profiler Remote Access Vulnerability

According to security researcher nol_tech CVE-2024–50340 is a critical vulnerability (CVSS7.3) affecting Symfony applications when the PHP directive register_argc_argv is enabled.

By appending ?+--env=dev to a URL, attackers can force the application into the dev environment, granting remote access to the Symfony profiler. This exposure can lead to the leaking of sensitive information and potentially executing arbitrary code.

Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Runtime component are affected by this security issue. The issue has been fixed in Symfony 5.4.46, 6.4.14, and 7.1.7.

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argc_argv` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade.

NIST Database article for CVE-2024-50340 is here.

According to the Symfony site, SymfonyRuntime now ignores the argv values for non-cli SAPIs PHP runtimes. The patch for this issue is available here for branch 5.4.

IONIX customers will find impacted assets easily identified in the threat center of the IONIX portal.

References

Symfony article
NIST Database article
Nol_tech article

REQUEST A THREAT EXPOSURE REPORT TODAY

Discover the full extent of your online exposure so you can protect it.