Symfony is vulnerable to arbitrary code execution attacks. When the @FrameworkBundle/Resources/config/routing/internal.xml
internal routing configuration is used without securing its routes properly, attackers can trigger the vulnerability by using a URI beginning with a /_internal
substring
CPE | Name | Operator | Version |
---|---|---|---|
symfony/symfony | eq | 2.2.x-dev | |
symfony/symfony | le | 2.0.19 | |
symfony/symfony | le | 2.1.4 |