symfony/routing
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting symfony/routingpage 1 of 1
- CVE-2012-6431NONECVSS 0.0EG 0.0✓ Fixed in 2.0.192012-12-27
vulnerable: 2.0.4 ... v2.0.9 (13 versions)
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
- CVE-2026-45065MEDIUMCVSS 0.0EG 0.0✓ Fixed in 8.0.122026-05-27
vulnerable: v8.0.0 ... v8.0.9 (7 versions)
Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection ### Description Symfony routes can declare a requirements regex per path parameter, e.g. a route `/{_locale}/blog` wit…
- CVE-2026-48784MEDIUMCVSS 0.0EG 0.0✓ Fixed in 8.0.132026-06-15
vulnerable: v8.0.0 ... v8.0.9 (8 versions)
Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization ### Description `Symfony\Component\Routing\Generator\UrlGenerator::doGenerate()` percen…
Check whether symfony/routing is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for symfony/routing CVEs against the assets you own.
Start Free Scan →