CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS
Percentile: 77.1%
Symfony is an open source web application framework provided by SensioLabs. Symfony contains a code injection vulnerability. Applications with ESI support enabled and using the Symfony built-in reverse proxy (the HttpCache class) are affected.
Arbitrary PHP code may be executed on the server where an application using Symfony resides.
Update the software
Update to the appropriate version according to the information provided by the developer.
This vulnerability has been addressed in Symfony 2.3.27, 2.5.11 and 2.6.6.
Note that Symfony 2.0, 2.1, 2.2 and 2.4 are no longer being developed or supported; therefore, this issue has not been fixed in these versions.
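
As an added example (not part of the advisory and not Symfony's own code), the following Python script checks a composer.lock file against the fixed and unfixed versions listed above. The package names symfony/symfony and symfony/http-kernel, the function names and the sample lock contents are assumptions made for illustration.

```python
import json
import re

# First fixed patch release per branch, as listed in the advisory.
FIXED = {(2, 3): 27, (2, 5): 11, (2, 6): 6}
# Branches the advisory lists as unsupported and left unfixed.
UNFIXED_BRANCHES = {(2, 0), (2, 1), (2, 2), (2, 4)}
# Assumption: the HttpCache class is installed through one of these packages.
PACKAGES = {"symfony/symfony", "symfony/http-kernel"}


def classify(version):
    """Return the advisory status for a version string such as 'v2.3.26'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unparsed"  # e.g. '2.3.x-dev' or a pre-release: review manually
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in UNFIXED_BRANCHES:
        return "unfixed-branch"  # no fixed release exists; move to a fixed branch
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    return "not-covered"  # branch is not mentioned in the advisory


def audit_lock(lock_text):
    """Map each relevant package in a composer.lock document to (version, status)."""
    lock = json.loads(lock_text)
    findings = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") in PACKAGES:
                version = pkg.get("version", "")
                findings[pkg["name"]] = (version, classify(version))
    return findings


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/symfony", "version": "v2.5.10"},
        {"name": "monolog/monolog", "version": "1.13.1"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, (version, status) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {version}: {status}")
```

A "vulnerable" or "unfixed-branch" result only establishes the installed version; per the advisory, the application is affected when ESI support is enabled and the built-in reverse proxy (the HttpCache class) is in use.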