4 matches found
IP Address Spoofing
Symfony is vulnerable to IP Address Spoofing The vulnerability is due to the potential manipulation of client IP addresses returned by the Request::getClientIp method for sensitive decisions. It allows malicious actors to manipulate or spoof their IP addresses...
GHSA-HX53-JCHX-CR52 Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled Request::trustProxyData. An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp...
Symfony2 improper IP based access control
Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled Request::trustProxyData. An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp...
Security release: Symfony 2.0.19 and 2.1.4
I've just released Symfony 2.0.19 and 2.1.4. Both releases contain a security fix. Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled Request::trustProxyData. An application is...