<p>Upgrade <code>symfony/http-foundation</code> to version 2.1.4, 2.0.19 or higher.</p>

=2.0.0, <2.0.19

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-SYMFONYHTTPFOUNDATION-2403509
published 27 Nov 2012
disclosed 27 Nov 2012
credit Damien Tournoud

Report a new vulnerability Found a mistake?

Introduced: 27 Nov 2012

CWE-284 Open this link in a new tab

How to fix?

Upgrade symfony/http-foundation to version 2.1.4, 2.0.19 or higher.

Overview

symfony/http-foundation is a component defines an object-oriented layer for the HTTP specification.

Affected versions of this package are vulnerable to Access Restriction Bypass in the Request::getClientIp() method when the trust proxy mode is enabled (Request::trustProxyData()).

An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp() method for sensitive decisions like IP based access control.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

None
Availability (A)

None

Access Restriction Bypass Affecting symfony/http-foundation package, versions >=2.1.0, <2.1.4 >=2.0.0, <2.0.19

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 27 Nov 2012

How to fix?

Overview

References

CVSS Scores

Snyk