A vulnerability in Symfony may allow remote attackers to read arbitrary files.
Package | dev-php/symfony on all architectures |
---|---|
Affected versions | < 1.4.20 |
Unaffected versions |
Symfony is a professional, open-source PHP5 web development framework.
Symfony does not properly sanitize input for upload requests.
A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information.
There is no known workaround at this time.
Gentoo has discontinued support for Symfony. We recommend that users unmerge Symfony:
# emerge --unmerge "dev-php/symfony"
Release date | May 18, 2014 |
Latest revision | May 18, 2014: 1 |
Severity | low |
Exploitable | remote |
Bugzilla entries