When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle.
Your Symfony application is vulnerable if you meet the following conditions:
- You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack; you are not affected if you are using the Translation component with Silex, for instance);
- You don't sanitize locales coming from a URL (any route with a `_locale` argument, for instance).
When vulnerable, an attacker can submit an invalid locale value containing PHP code that Symfony will execute. This happens because the locale value is dumped into a PHP file generated in the cache without being sanitized first.
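One way to guard against this in application code, shown as an added example that is not Symfony's own code: check the locale against a character allowlist before it reaches anything that writes a cache file, and emit it with `var_export()` so it can only ever be a string literal. The function names, the allowlist pattern and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: helper names and the allowlist are assumptions, not Symfony's API.

/** Accept only characters found in locale identifiers such as "en", "fr_FR", "sr@latin". */
function isValidLocale(string $locale): bool
{
    // \A and \z anchor the whole string; a plain "$" would also match before a trailing newline.
    return preg_match('/\A[a-z0-9@_.\-]{1,32}\z/i', $locale) === 1;
}

/** Build the source of a PHP cache file for one locale; the locale is never concatenated raw. */
function buildCacheSource(string $locale, array $messages): string
{
    if (!isValidLocale($locale)) {
        // json_encode() makes control characters and quotes visible in the error message.
        throw new InvalidArgumentException('Invalid locale: ' . json_encode($locale));
    }

    // var_export() produces a correctly quoted PHP literal, so the value stays
    // data in the generated file even if the validation above is ever loosened.
    return "<?php\nreturn [\n"
        . "    'locale' => " . var_export($locale, true) . ",\n"
        . "    'messages' => " . var_export($messages, true) . ",\n"
        . "];\n";
}

// Constructed sample inputs: two well-formed locales and two malformed ones
// (one containing quote characters, one with a trailing newline).
$samples = ['en', 'fr_FR', "en'; /* injected */ '", "de\n"];

foreach ($samples as $locale) {
    try {
        buildCacheSource($locale, ['greeting' => 'Hello']);
        echo json_encode($locale), " accepted\n";
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

The same allowlist can be enforced earlier, at the routing layer, by restricting the `_locale` argument to the locales the application actually ships.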
| Software | From | Fixed in |
|---|---|---|
| | 2.0.0 | 2.3.18 |
| | 2.4.0 | 2.4.8 |
| | 2.5.0 | 2.5.2 |
| | 2.0.0 | 2.3.19 |
| | 2.4.0 | 2.4.9 |
| | 2.5.0 | 2.5.4 |