Symfony vulnerable to open redirect via browser-sanitized URLs
The Request class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the Request class to redirect users to another domain.