Code Injection
The Yaml::parse function in Symfony remote attackers to execute arbitrary PHP code via a PHP file.
Advisories for Composer/Symfony/Yaml package
2014
Code Injection
Symfony allows remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml arser::parse function.