
4 matches found

RedhatCVE
added 2025/05/22 4:16 a.m., 6 views

CVE-2012-6431

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string...

CVSS: 6.4, AI score: 6.8, EPSS: 0.01876
Exploits: 0, References: 1

NVD
added 2012/12/27 11:47 a.m., 28 views

CVE-2012-6431

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string...

CVSS: 6.4, AI score: 6.5, EPSS: 0.01876
Exploits: 0, References: 1

CVE
added 2012/12/27 11:0 a.m., 54 views

CVE-2012-6431

CVE-2012-6431 affects Symfony 2.0.x (from 2.0.0 through 2.0.19), where the Routing and Security components mishandle URL-encoded data, allowing a doubly encoded string to bypass URI restrictions. The root cause is a double-decoding flow: UrlMatcher decodes the path again while RequestMatcher does...

CVSS: 6.4, AI score: 6.6, EPSS: 0.01876
Exploits: 0, References: 1, Affected Software: 1

Symfony
added 2012/12/20 12:0 a.m., 27 views

Security release: Symfony 2.0.20 and 2.1.5 released

Symfony 2.0.20 and Symfony 2.1.5 have just been released and they both contain two security fixes. CVE-2012-6431: Routes behind a firewall are accessible even when not logged in. Affected versions: All versions from 2.0.0 to 2.0.19 are...

CVSS: 6.8, AI score: 6.5, EPSS: 0.01876
Exploits: 0