Symfony: Information disclosure

Symfony: Information disclosure A vulnerability in Symfony may allow remote attackers to read arbitrary files. symfony 2014-05-18 2014-05-18 444696 remote 1.4.20

Symfony is a professional, open-source PHP5 web development framework.

Symfony does not properly sanitize input for upload requests.

A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information.

There is no known workaround at this time.

Gentoo has discontinued support for Symfony. We recommend that users unmerge Symfony:


      # emerge --unmerge "dev-php/symfony"

CVE-2012-5574 underling ackle