Package impact
Packagist / symfony/routing
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-6431 | medium | — | 6.4 | 14y ago | Symfony Allows URI Restrictions Bypass Via Double-Encoded String | |||
| CVE-2026-45065 | medium | — | 5.5 | 16d ago | Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection | |||
| CVE-2026-48784 | unknown | — | — | 10d ago | CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization |