Symfony versions <5.4.46; >=6, <6.4.14; >=7, <7.1.7 of the Symfony Runtime component allows attackers to call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request.
