You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 6, 2024
On the Symfony 2.0.x version, there's a security issue that allows access to routes protected by a firewall even when the user is not logged in.
Both the Routing component and the Security component uses the path returned by getPathInfo() to match a Request. The getPathInfo() returns a decoded path, but the Routing component (Symfony\Component\Routing\Matcher\UrlMatcher) decodes the path a second time; whereas the Security component, Symfony\Component\HttpFoundation\RequestMatcher, does not.
This difference causes Symfony 2.0 to be vulnerable to double encoding attacks.
On the Symfony 2.0.x version, there's a security issue that allows access to routes protected by a firewall even when the user is not logged in.
Both the Routing component and the Security component uses the path returned by
getPathInfo()
to match a Request. ThegetPathInfo()
returns a decoded path, but the Routing component (Symfony\Component\Routing\Matcher\UrlMatcher
) decodes the path a second time; whereas the Security component,Symfony\Component\HttpFoundation\RequestMatcher
, does not.This difference causes Symfony 2.0 to be vulnerable to double encoding attacks.
References