CVE-2012-6431: Routes behind a firewall are accessible even when not logged in

December 27, 2012 (updated January 7, 2013)

Symfony does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

References

symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

Detect and mitigate CVE-2012-6431 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →