Symfony · Symfony · CVE-2024-50340
**Name of the Vulnerable Software and Affected Versions**
Symfony versions prior to 5.4.46
Symfony versions prior to 6.4.14
Symfony versions prior to 7.1.7
**Description**
The issue exists because special elements are not neutralized, allowing a remote attacker to execute arbitrary code. When the `register_argc_argv` PHP directive is set to `on`, users who call any URL with a specially crafted query string are able to change the environment or debug mode used by the kernel when handling the request. Over 32,000 results are found to be potentially vulnerable.
**Recommendations**
For versions prior to 5.4.46, update to version 5.4.46 or later.
For versions prior to 6.4.14, update to version 6.4.14 or later.
For versions prior to 7.1.7, update to version 7.1.7 or later.
As a temporary workaround, consider setting the `register_argc_argv` PHP directive to `off` until a patch is applied.
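
A triage check combining the affected versions and the workaround above, as an added example that is not part of the original advisory or of Symfony's own code. It assumes each listed version is the fixed release for its own major branch and that an unset directive falls back to PHP's built-in default of on; the function names and the sample `php.ini` text are constructed for illustration.

```python
import re

# Fixed release per major branch, as listed in the advisory above.
FIXED = {5: (5, 4, 46), 6: (6, 4, 14), 7: (7, 1, 7)}
TRUTHY = {"1", "on", "yes", "true"}  # spellings treated as "enabled" here

def parse_version(text):
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def argc_argv_enabled(ini_text):
    """Return the register_argc_argv value a php.ini file yields."""
    enabled = True  # assumption: PHP's built-in default when the file never sets it
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # drop ';' comments
        key, sep, value = line.partition("=")
        if sep and key.strip() == "register_argc_argv":
            # A later assignment overrides an earlier one.
            enabled = value.strip().strip("\"'").lower() in TRUTHY
    return enabled

def triage(symfony_version, ini_text):
    version = parse_version(symfony_version)
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-assessed"      # branch not listed in the advisory
    if version >= fixed:
        return "patched"
    if argc_argv_enabled(ini_text):
        return "exposed"           # affected release and directive on
    return "workaround-only"       # affected release, directive off: still upgrade

# Constructed sample input, not taken from a real host.
SAMPLE_INI = """\
[PHP]
; register_argc_argv = Off
register_argc_argv = On   ; enabled for a legacy script
"""

if __name__ == "__main__":
    for ver in ("v5.4.45", "6.4.14", "7.1.6"):
        print(ver, triage(ver, SAMPLE_INI))
```

The directive can also be set per directory outside `php.ini`, and the CLI SAPI always enables it, so confirm the effective value as reported by the web SAPI that serves the application.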