Описание
Code injection in the way Symfony implements translation caching in FrameworkBundle
When investigating issue #11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle.
-
Your Symfony application is vulnerable if you meet the following conditions:
-
You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance); You don't sanitize locales coming from a URL (any route with a _locale argument for instance):
When vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That's because the locale value is dumped into a PHP file generated in the cache without being sanitized first.
Ссылки
- https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af.patch
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/framework-bundle/CVE-2014-4931.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2014-4931.yaml
- https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released
Пакеты
symfony/framework-bundle
>= 2.0.0, < 2.3.18
2.3.18
symfony/framework-bundle
>= 2.4.0, < 2.4.8
2.4.8
symfony/framework-bundle
>= 2.5.0, < 2.5.2
2.5.2
symfony/symfony
>= 2.0.0, < 2.3.19
2.3.19
symfony/symfony
>= 2.4.0, < 2.4.9
2.4.9
symfony/symfony
>= 2.5.0, < 2.5.4
2.5.4
