GHSA-89cp-fvcc-hxh7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-89cp-fvcc-hxh7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-89cp-fvcc-hxh7/GHSA-89cp-fvcc-hxh7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-89cp-fvcc-hxh7
- Aliases
-
- CVE-2012-6432
- Published
- 2022-05-17T05:17:45Z
- Modified
- 2024-12-02T05:41:26.708784Z
- Summary
- Symfony Access Control Vulnerability
- Details
-
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a
/_internalsubstring. - Database specific
{ "cwe_ids": [ "CWE-284" ], "github_reviewed": true, "github_reviewed_at": "2023-08-15T23:43:12Z", "nvd_published_at": "2012-12-27T11:47:00Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-6432
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6432.yaml
- https://github.com/symfony/symfony
- https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
- http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released
Affected packages
Packagist / symfony/symfony
Package
- Name
- symfony/symfony
- Purl
- pkg:composer/symfony/symfony
Packagist / symfony/symfony
Package
- Name
- symfony/symfony
- Purl
- pkg:composer/symfony/symfony
Packagist / symfony/symfony
Package
- Name
- symfony/symfony
- Purl
- pkg:composer/symfony/symfony