CVE-2012-6431 Information

Description

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

Reference

http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released