Posted: Sun May 18, 2014 11:26 pm Post subject: [ GLSA 201405-25 ] Symfony: Information disclosure
Gentoo Linux Security Advisory
Title: Symfony: Information disclosure (GLSA 201405-25)
Severity: low
Exploitable: remote
Date: May 18, 2014
Bug(s): #444696
ID: 201405-25
Synopsis
A vulnerability in Symfony may allow remote attackers to read
arbitrary files.
Background
Symfony is a professional, open-source PHP5 web development framework.
Affected Packages
Package: dev-php/symfony
Vulnerable: < 1.4.20
Architectures: All supported architectures
Description
Symfony does not properly sanitize input for upload requests.
Impact
A remote attacker could send a specially crafted file upload request,
possibly resulting in disclosure of sensitive information.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Symfony. We recommend that users
unmerge Symfony:
Code:
# emerge --unmerge "dev-php/symfony"
References
CVE-2012-5574
Last edited by GLSA on Wed Jun 25, 2014 4:32 am; edited 2 times in total