GHSA-89cp-fvcc-hxh7

Source

https://github.com/advisories/GHSA-89cp-fvcc-hxh7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-89cp-fvcc-hxh7/GHSA-89cp-fvcc-hxh7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-89cp-fvcc-hxh7

Aliases

CVE-2012-6432

Published

2022-05-17T05:17:45Z

Modified

2024-12-02T05:41:26.708784Z

Summary

Symfony Access Control Vulnerability

Details

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

Database specific

{
    "nvd_published_at": "2012-12-27T11:47:00Z",
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-15T23:43:12Z"
}

References

Affected packages

Packagist / symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Affected versions

2.*

2.2-dev

Packagist / symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.20

Affected versions

2.*

2.0.4

2.0.5

2.0.6

2.0.7

v2.*

v2.0.9

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

Packagist / symfony/symfony

Package

Name: symfony/symfony
Purl: pkg:composer/symfony/symfony

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.5

Affected versions

v2.*

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4