Level 73
I would start by running composer update, since that will most likely handle the issue.
If it doesn't check the GitHub page for the project, and see if they implemented a fix for it.
2 likes
Jan 1, 2026
3
Level 6
Got a security vulnerabilty after updating a composer package
I got this message after updating a package. What should I do?
| Package | symfony/http-foundation |
| Severity | high |
| CVE | CVE-2025-64500 |
| Title | CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization bypass |
| URL | https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass |
| Affected versions | >=2.0.0,<3.0.0 |
| Reported at | 2025-11-12T11:09:14+00:00 |
Level 80
@chron What version of Laravel are you running? Versions 2 and 3 of symfony/http-foundation are absolutely ancient! The current version of that package is 8: https://packagist.org/packages/symfony/http-foundation
1 like
Level 6
I'm using Laravel 12
$ sail artisan about
| Environment | |
|---|---|
| Application Name | LOCAL_SYSTEM |
| Laravel Version | 12.44.0 |
| PHP Version | 8.4.13 |
| Composer Version | 2.8.12 |
| Environment | local |
| Debug Mode | ENABLED |
| URL | localhost |
| Maintenance Mode | OFF |
| Timezone | UTC |
| Locale | en |
| Cache | |
|---|---|
| Config | NOT CACHED |
| Events | NOT CACHED |
| Routes | NOT CACHED |
| Views | CACHED |
| Drivers | |
|---|---|
| Broadcasting | log |
| Cache | file |
| Database | mariadb |
| Logs | stack / single |
| smtp | |
| Queue | database |
| Scout | algolia |
| Session | file |
| Storage | |
|---|---|
| public/storage | LINKED |
1 like
Please or to participate in this conversation.