[MEDIUM] SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

PKSA-xf5h-y6vg-qj98 CVE-2026-47767 GHSA-fqc7-9xjw-jrh3

Affected package: symfony/runtime

Affected version: >=8.0.0,<8.0.12|>=7.1.7,<7.4.12|>=6.4.14,<6.4.40|>=5.4.46,<5.4.52

Reported by:
GitHub