Search for packages
| purl | pkg:composer/symfony/framework-bundle@2.4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zry9-awfb-hqab
Aliases: CVE-2014-4931 GHSA-wfv7-5x33-v22h |
Code injection in the way Symfony implements translation caching in FrameworkBundle When investigating issue [#11093](https://github.com/symfony/symfony/issues/11093), [Jeremy Derussé](https://connect.sensiolabs.com/profile/jderusse) found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from FrameworkBundle (so basically if you are using Symfony full-stack -- you are not affected if you are using the Translation component with Silex for instance); You don't sanitize locales coming from a URL (any route with a _locale argument for instance): When vulnerable, an attacker can submit a non-valid locale value that can contain some PHP code that will be executed by Symfony. That's because the locale value is dumped into a PHP file generated in the cache without being sanitized first. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:12:50.318214+00:00 | GitLab Importer | Affected by | VCID-zry9-awfb-hqab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/framework-bundle/CVE-2014-4931.yml | 37.0.0 |