symfony/symfony is vulnerable to information disclosure. The vulnerability exists because file paths were not escaped before being used in FileBinaryMimeTypeGuesser, allowing the MIME type to be guessed.
github.com/symfony/symfony/commit/2dfc115f6dd56fcc12a6941e8050349cc4d04dbe
github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365
github.com/symfony/symfony/commit/6be5cc75a4817657c5574553a41bdd0193d4fe51
github.com/symfony/symfony/releases/tag/v4.3.8
lists.fedoraproject.org/archives/list/[email protected]/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/
lists.fedoraproject.org/archives/list/[email protected]/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/
lists.fedoraproject.org/archives/list/[email protected]/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/
symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser
symfony.com/blog/symfony-4-3-8-released