6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.9%
Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy (the HttpCache class) are affected.
Arbitrary PHP code may be executed on the server where an application using Symfony resides.
Update the software
Update to the appropriate version according to the information provided by the developer.
This vulnerability has been addressed in Symfony 2.3.27, 2.5.11 and 2.6.6.
Note that Symfony 2.0, 2.1, 2.2 and 2.4 are no longer being developed or supported therefore this issue has not been fixed in these versions.