Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Symfony 2.0.x (before 2.0.20) has a security issue that allows access to routes protected by a firewall even when the user is not logged in.
Both the Routing component and the Security component use the path returned by getPathInfo() to match a Request. getPathInfo() returns a decoded path, but the Routing component (Symfony\Component\Routing\Matcher\UrlMatcher) decodes the path a second time, whereas the Security component (Symfony\Component\HttpFoundation\RequestMatcher) does not.
Because the two components do not see the same string, Symfony 2.0 is vulnerable to double encoding attacks: a request whose path is percent-encoded twice (for example %2561 rather than %61 or a literal "a") is not matched by the firewall's pattern after the single decode, yet after the router's second decode it still matches the protected route and reaches its controller.
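The mismatch described above, traced through on a constructed request. This is an added illustration and not Symfony's own code: getPathInfo(), matchSecurity(), matchRouteVulnerable() and matchRouteConsistent() are hypothetical stand-ins that model how RequestMatcher (one decode) and the 2.0.x UrlMatcher (a second decode) treat the same path; the firewall and route patterns are invented for the example, and the "consistent" matcher only shows the invariant the fix must restore (both components compare the same string), not the exact patch.

```php
<?php
// Added illustration of CVE-2012-6431 (Symfony 2.0.x < 2.0.20). Not Symfony code:
// the functions below are hypothetical models of the two matchers involved.

// Model of Request::getPathInfo(): the raw request target, percent-decoded once.
function getPathInfo(string $rawRequestUri): string
{
    return rawurldecode($rawRequestUri);
}

// Model of the Security component's RequestMatcher: it matches its pattern
// against the once-decoded path and does not decode again.
function matchSecurity(string $pathInfo, string $pattern): bool
{
    return preg_match('{' . $pattern . '}', $pathInfo) === 1;
}

// Model of the 2.0.x UrlMatcher: it decodes the already-decoded path a second
// time before matching the route pattern. This is the vulnerable behaviour.
function matchRouteVulnerable(string $pathInfo, string $pattern): bool
{
    return preg_match('{' . $pattern . '}', rawurldecode($pathInfo)) === 1;
}

// A matcher that sees exactly the string the firewall saw (the invariant a fix
// must restore); shown for contrast, not as the project's actual patch.
function matchRouteConsistent(string $pathInfo, string $pattern): bool
{
    return preg_match('{' . $pattern . '}', $pathInfo) === 1;
}

$firewallPattern = '^/admin';         // constructed access_control pattern
$routePattern    = '^/admin/users$';  // constructed route requirement

// Constructed requests. In the second one the "a" of "admin" is encoded twice:
// %2561 -> (first decode) %61 -> (second decode) "a".
foreach (['/admin/users', '/%2561dmin/users'] as $rawUri) {
    $pathInfo = getPathInfo($rawUri);
    printf(
        "%-18s pathInfo=%-16s firewall=%-3s route(2.0.x)=%-3s route(consistent)=%s\n",
        $rawUri,
        $pathInfo,
        matchSecurity($pathInfo, $firewallPattern) ? 'yes' : 'no',
        matchRouteVulnerable($pathInfo, $routePattern) ? 'yes' : 'no',
        matchRouteConsistent($pathInfo, $routePattern) ? 'yes' : 'no'
    );
}
```

For `/admin/users` every matcher agrees. For `/%2561dmin/users`, getPathInfo() yields `/%61dmin/users`: the firewall pattern `^/admin` does not match, so no authentication is required, while the 2.0.x router's second decode turns the path back into `/admin/users` and dispatches the protected route. With a matcher that does not decode again, the same request simply matches no route, which is the behaviour the 2.0.20 release restores.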
Permalink: https://github.com/advisories/GHSA-83c3-qx27-2rwr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 2 months ago
Identifiers: GHSA-83c3-qx27-2rwr, CVE-2012-6431
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-6431
- http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
- https://github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496
- https://github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0d
- https://github.com/advisories/GHSA-83c3-qx27-2rwr
Affected Packages
packagist:symfony/symfony
Versions: >= 2.0, < 2.0.20
Fixed in: 2.0.20