Merge pull request #754 from xabbuh/cve-2025-64500

stof · web-flow · commit 067beed73500 · 2025-11-12T14:20:02.000+01:00
add entries for CVE-2025-64500
diff --git a/symfony/http-foundation/CVE-2025-64500.yaml b/symfony/http-foundation/CVE-2025-64500.yaml
@@ -0,0 +1,56 @@
+title:     "CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass"
+link:      https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
+cve:       CVE-2025-64500
+branches:
+    2.x:
+        time:     ~
+        versions: ['>=2.0.0', '<3.0.0']
+    3.x:
+        time:     ~
+        versions: ['>=3.0.0', '<4.0.0']
+    4.x:
+        time:     ~
+        versions: ['>=4.0.0', '<5.0.0']
+    5.0.x:
+        time:     ~
+        versions: ['>=5.0.0', '<5.1.0']
+    5.1.x:
+        time:     ~
+        versions: ['>=5.1.0', '<5.2.0']
+    5.2.x:
+        time:     ~
+        versions: ['>=5.2.0', '<5.3.0']
+    5.3.x:
+        time:     ~
+        versions: ['>=5.3.0', '<5.4.0']
+    5.4.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=5.4.0', '<5.4.50']
+    6.0.x:
+        time:     ~
+        versions: ['>=6.0.0', '<6.1.0']
+    6.1.x:
+        time:     ~
+        versions: ['>=6.1.0', '<6.2.0']
+    6.2.x:
+        time:     ~
+        versions: ['>=6.2.0', '<6.3.0']
+    6.3.x:
+        time:     ~
+        versions: ['>=6.3.0', '<6.4.0']
+    6.4.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=6.4.0', '<6.4.29']
+    7.0.x:
+        time:     ~
+        versions: ['>=7.0.0', '<7.1.0']
+    7.1.x:
+        time:     ~
+        versions: ['>=7.1.0', '<7.2.0']
+    7.2.x:
+        time:     ~
+        versions: ['>=7.2.0', '<7.3.0']
+    7.3.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=7.3.0', '<7.3.7']
+reference: composer://symfony/http-foundation
diff --git a/symfony/symfony/CVE-2025-64500.yaml b/symfony/symfony/CVE-2025-64500.yaml
@@ -0,0 +1,56 @@
+title:     "CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass"
+link:      https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
+cve:       CVE-2025-64500
+branches:
+    2.x:
+        time:     ~
+        versions: ['>=2.0.0', '<3.0.0']
+    3.x:
+        time:     ~
+        versions: ['>=3.0.0', '<4.0.0']
+    4.x:
+        time:     ~
+        versions: ['>=4.0.0', '<5.0.0']
+    5.0.x:
+        time:     ~
+        versions: ['>=5.0.0', '<5.1.0']
+    5.1.x:
+        time:     ~
+        versions: ['>=5.1.0', '<5.2.0']
+    5.2.x:
+        time:     ~
+        versions: ['>=5.2.0', '<5.3.0']
+    5.3.x:
+        time:     ~
+        versions: ['>=5.3.0', '<5.4.0']
+    5.4.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=5.4.0', '<5.4.50']
+    6.0.x:
+        time:     ~
+        versions: ['>=6.0.0', '<6.1.0']
+    6.1.x:
+        time:     ~
+        versions: ['>=6.1.0', '<6.2.0']
+    6.2.x:
+        time:     ~
+        versions: ['>=6.2.0', '<6.3.0']
+    6.3.x:
+        time:     ~
+        versions: ['>=6.3.0', '<6.4.0']
+    6.4.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=6.4.0', '<6.4.29']
+    7.0.x:
+        time:     ~
+        versions: ['>=7.0.0', '<7.1.0']
+    7.1.x:
+        time:     ~
+        versions: ['>=7.1.0', '<7.2.0']
+    7.2.x:
+        time:     ~
+        versions: ['>=7.2.0', '<7.3.0']
+    7.3.x:
+        time:     2025-11-12 11:09:14
+        versions: ['>=7.3.0', '<7.3.7']
+reference: composer://symfony/symfony
