
Ondrej Exner

#39659 of 53,638
6.8 CVSS total
Vulnerabilities · 1
PT-2017-3875
6.8
2017-11-17
Symfony · Symfony · CVE-2017-16790
**Name of the Vulnerable Software and Affected Versions**

- Symfony versions prior to 2.7.38
- Symfony versions prior to 2.8.31
- Symfony versions prior to 3.2.14
- Symfony versions prior to 3.3.13
- Symfony versions prior to 3.4-BETA5
- Symfony versions prior to 4.0-BETA5

**Description**

The issue exists due to insufficient input validation in the Form component of the Symfony platform. An attacker can exploit this by sending a specially crafted HTTP request in which the `FileType` value is sent as POST data rather than as an uploaded file, so that the submitted string can be interpreted as a local file path on the server side. This could allow the attacker to disclose protected information.

**Recommendations**

- For Symfony versions prior to 2.7.38, update to version 2.7.38 or later.
- For Symfony versions prior to 2.8.31, update to version 2.8.31 or later.
- For Symfony versions prior to 3.2.14, update to version 3.2.14 or later.
- For Symfony versions prior to 3.3.13, update to version 3.3.13 or later.
- For Symfony versions prior to 3.4-BETA5, update to version 3.4-BETA5 or later.
- For Symfony versions prior to 4.0-BETA5, update to version 4.0-BETA5 or later.

As a temporary workaround, consider adding additional checks on the value submitted to the `FileType` field to prevent potential exploitation.