Victor Berchet

**Name of the Vulnerable Software and Affected Versions** Symfony versions 2.0.x through 2.0.20 Symfony versions 2.1.x through 2.1.5 Symfony version 2.2-dev **Description** The issue allows remote attackers to access arbitrary services via vectors involving a URI beginning with a `/api/ internal` endpoint, specifically when the internal routes configuration is enabled. **Recommendations** For Symfony versions 2.0.x through 2.0.20, update to version 2.0.20 or later. For Symfony versions 2.1.x through 2.1.5, update to version 2.1.5 or later. For Symfony version 2.2-dev, consider disabling the internal routes configuration until a patch is available.