CVE-2015-2308: ESI Code Injection
Applications with ESI support (and SSI support as of Symfony ) enabled and using the Symfony built-in reverse proxy (the Symfony\Component\HttpKernel\HttpCache class) are vulnerable to PHP code injection; a malicious user can inject PHP code that will be executed by the server.