Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy (the HttpCache class) are affected.
Arbitrary PHP code may be executed on the server where an application using Symfony resides.
Update the software
Update to the appropriate version according to the information provided by the developer.
This vulnerability has been addressed in Symfony 2.3.27, 2.5.11 and 2.6.6.
Note that Symfony 2.0, 2.1, 2.2 and 2.4 are no longer being developed or supported; therefore, this issue has not been fixed in these versions.
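To triage an application against the releases listed above, the following added example (not part of the advisory or of Symfony) reads a Composer `composer.lock` and classifies the installed Symfony version. It assumes the `symfony/symfony` and `symfony/http-kernel` packages are the ones that ship `HttpCache`; the function names and the sample lock file are constructed for illustration. It does not check whether ESI or the built-in reverse proxy is actually enabled.

```python
import json
import re

# Fixed patch level per maintained branch, as stated in the advisory.
FIXED = {(2, 3): 27, (2, 5): 11, (2, 6): 6}
# Branches the advisory lists as unsupported; no fixed release exists for them.
UNFIXED_BRANCHES = {(2, 0), (2, 1), (2, 2), (2, 4)}
# Assumption: Composer packages that ship the HttpCache class.
PACKAGES = {"symfony/symfony", "symfony/http-kernel"}

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "1.13.1"},
        {"name": "symfony/symfony", "version": "v2.5.10"},
    ]
})


def classify(version):
    """Return 'fixed', 'update', 'unsupported' or 'unknown' for a version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"  # dev branches and pre-releases need manual review
    major, minor, patch = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in UNFIXED_BRANCHES:
        return "unsupported"  # move to a maintained branch that has the fix
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "update"
    return "unknown"  # branch is not named in the advisory


def audit_lock(lock_text):
    """Map each relevant package in a composer.lock document to (version, status)."""
    lock = json.loads(lock_text)
    found = {}
    for pkg in lock.get("packages", []):
        if pkg.get("name") in PACKAGES:
            found[pkg["name"]] = (pkg["version"], classify(pkg["version"]))
    return found


if __name__ == "__main__":
    for name, (version, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {status}")
```

A result of `unknown` means the advisory text does not cover that version, so it should be checked against the developer's information by hand.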
## Products Affected