9 matches found

CVE
added 2025/11/12 9:40 p.m. | 524 views

CVE-2025-64500

Affected component: Symfony HttpFoundation (Symfony PHP framework). Vulnerability: The Request class improperly interprets some PATH_INFO, allowing representation of URLs without a leading slash and potentially bypassing access-control rules that assume a leading “/”. Versions and root cause: Pri...

CVSS: 7.3 | AI score: 6.1 | EPSS: 0.06307
Exploits: 0 | References: 5 | Affected Software: 2
Debian CVE
added 2025/11/12 9:40 p.m. | 5 views

CVE-2025-64500

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.06307
Exploits: 0
Cvelist
added 2025/11/12 9:40 p.m. | 9 views

CVE-2025-64500 Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the Request class improperly...

CVSS: 7.3 | EPSS: 0.06307
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/12 12:00 a.m. | 3 views

PT-2025-46712

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.0 through 5.4.49; Symfony versions 6.0.0 through 6.4.28; Symfony versions 7.0.0 through 7.3.6. Description: Symfony’s HttpFoundation component’s Request class incorrectly parses the PATH INFO value. This can result in URLs bei...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.06307
Exploits: 0 | References: 38
Github Security Blog
added 2022/05/05 12:29 a.m. | 51 views

Symfony Host Header Injection vulnerability in the HttpFoundation component

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00928
Exploits: 0 | References: 20 | Affected Software: 2
Cvelist
added 2020/01/02 4:07 p.m. | 19 views

CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to...

AI score: 6.3 | EPSS: 0.00928
Exploits: 0 | References: 15
CNVD
added 2018/06/14 12:00 a.m. | 2 views

Sensio Labs Symfony Denial of Service Vulnerability (CNVD-2018-14346)

Sensio Labs Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture, which provides commonly used functional components and tools and can be used to quickly create complex web applications. HttpFoundation is one of the HTTP protocol for the definition of t...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.01086
Exploits: 0 | References: 1
Symfony
added 2013/08/07 12:00 a.m. | 36 views

Security releases: Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 released

Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 have just been released and they contain security fixes for the Validator component CVE-2013-4751 and the HttpFoundation component CVE-2013-4752. Even if Symfony 2.0 and 2.1 are out of maintenance,...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.00928
Exploits: 0
OpenVAS
added 2012/12/10 12:00 a.m. | 10 views

Fedora Update for php-symfony2-HttpFoundation FEDORA-2012-19442

Check for the Version of php-symfony2-HttpFoundation. OpenVAS Vulnerability Test: Fedora Update for php-symfony2-HttpFoundation FEDORA-2012-19442. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

AI score: 7.4
Exploits: 0 | References: 2