CVE-2012-6431 | MEDIUM | ≥ 2.0.0, < 2.0.19 | 2022-05-17
CVE-2012-6431 [MEDIUM] CWE-287 Symfony Allows URI Restrictions Bypass Via Double-Encoded String
In Symfony 2.0.x, a security issue allows access to routes protected by a firewall even when the user is not logged in.
Both the Routing component and the Security component use the path returned by `getPathInfo()` to match a Request. `getPathInfo()` returns a decoded path, but the Routing component (`Symf
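The mismatch described above, as an added example (a minimal PHP model, not Symfony's code): it assumes, as the advisory title implies, that the routing side decodes the path a second time while the security side matches the once-decoded path. The `/admin` rule, the request paths and all function names are constructed for illustration.

```php
<?php
// Added illustration; not Symfony source code. All names here are hypothetical.

// Constructed firewall rule: paths under /admin require an authenticated user.
const PROTECTED_PATTERN = '#^/admin#';

// Security side of the model: matches the path exactly as handed to it.
function firewallRequiresAuth(string $path): bool
{
    return preg_match(PROTECTED_PATTERN, $path) === 1;
}

// Vulnerable router model (assumption): decodes the already-decoded path again.
function routeVulnerable(string $pathInfo): string
{
    return rawurldecode($pathInfo);
}

// Hardened router model: matches on the same string the firewall saw.
function routeFixed(string $pathInfo): string
{
    return $pathInfo;
}

// Defensive check: a path that still holds a valid %XX escape after the single
// decode was encoded more than once and can be rejected or logged.
function hasResidualEncoding(string $pathInfo): bool
{
    return preg_match('/%[0-9A-Fa-f]{2}/', $pathInfo) === 1;
}

// Constructed raw request paths: plain, and with the "a" double-encoded.
foreach (['/admin/users', '/%2561dmin/users'] as $raw) {
    $pathInfo = rawurldecode($raw); // the single decode both components share
    printf(
        "%-18s firewall=%-5s vulnerable-route=%-13s fixed-route=%-15s residual=%s\n",
        $raw,
        firewallRequiresAuth($pathInfo) ? 'auth' : 'open',
        routeVulnerable($pathInfo),
        routeFixed($pathInfo),
        hasResidualEncoding($pathInfo) ? 'yes' : 'no'
    );
}
```

For the double-encoded path the firewall model reports `open` while the vulnerable router resolves `/admin/users`; the hardened router and the firewall see the same string, and the residual-encoding check flags the request.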