Symphony is vulnerable to directory traversal attacks. The read()
function in the bundle readers does not sanitize user input, allowing a malicious user to traverse the directory.
CPE | Name | Operator | Version |
---|---|---|---|
symfony/symfony | le | 4.0.0-BETA4 | |
symfony/symfony | le | 2.8.30 | |
symfony/symfony | le | 3.2.13 | |
symfony/symfony | le | 2.7.37 | |
symfony/symfony | le | 3.4.0-BETA4 | |
symfony/symfony | le | 3.3.11 |