Overview
About vulnerability
Description
The Request class improperly interprets some PATH_INFO in a way that leads to representing some URLs with a path that doesn’t start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption.
Resolution
The Request class now ensures that URL paths always start with a /.
The patch for this issue is available here for branch 5.4.
Credits
We would like to thank Andrew Atkinson for discovering the issue, Chris Smith for reporting it and Nicolas Grekas for providing the fix.
Details
- Affected product:
- Laravel , Symfony , cboden/ratchet , drupal/core , ratchetphp/pawl , voryx/thruway
- Affected packages:
- cboden/ratchet @ v0.3.6 (+116 more)
Description
The Request class improperly interprets some PATH_INFO in a way that leads to representing some URLs with a path that doesn’t start with a /. This can allow bypassing some access control rules that are built with this /-prefix assumption.
Resolution
The Request class now ensures that URL paths always start with a /.
The patch for this issue is available here for branch 5.4.
Credits
We would like to thank Andrew Atkinson for discovering the issue, Chris Smith for reporting it and Nicolas Grekas for providing the fix.