A vulnerability in Symfony may allow remote attackers to read arbitrary files.
|Package||dev-php/symfony on all architectures|
|Affected versions||< 1.4.20|
Symfony is a professional, open-source PHP5 web development framework.
Symfony does not properly sanitize input for upload requests.
A remote attacker could send a specially crafted file upload request, possibly resulting in disclosure of sensitive information.
There is no known workaround at this time.
Gentoo has discontinued support for Symfony. We recommend that users unmerge Symfony:
# emerge --unmerge "dev-php/symfony"
May 18, 2014
May 18, 2014: 1