Moderate severityNVD Advisory· Published Dec 27, 2012· Updated Jun 16, 2026
CVE-2012-6431
CVE-2012-6431
Description
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symfony/http-foundationPackagist | >= 2.0.0, < 2.0.19 | 2.0.19 |
symfony/routingPackagist | >= 2.0.0, < 2.0.19 | 2.0.19 |
symfony/securityPackagist | >= 2.0.0, < 2.0.19 | 2.0.19 |
symfony/symfonyPackagist | >= 2.0.0, < 2.0.19 | 2.0.19 |
Affected products
24cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*
- ghsa-coords4 versionspkg:composer/symfony/http-foundationpkg:composer/symfony/routingpkg:composer/symfony/securitypkg:composer/symfony/symfony
>= 2.0.0, < 2.0.19+ 3 more
- (no CPE)range: >= 2.0.0, < 2.0.19
- (no CPE)range: >= 2.0.0, < 2.0.19
- (no CPE)range: >= 2.0.0, < 2.0.19
- (no CPE)range: >= 2.0.0, < 2.0.19
Patches
Vulnerability mechanics
References
10- symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-releasednvdVendor AdvisoryWEB
- github.com/advisories/GHSA-83c3-qx27-2rwrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-6431ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2012-6431.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/routing/CVE-2012-6431.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2012-6431.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2012-6431.yamlghsaWEB
- github.com/symfony/symfony/commit/55014a6841bec50046e8329a4835c160ac31a496ghsaWEB
- github.com/symfony/symfony/commit/8b2c17f80377582287a78e0b521497e039dd6b0dghsaWEB
- symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-releasedghsaWEB
News mentions
0No linked articles in our index yet.