PT-2024-40336 · Symfony2 · Symfony2

Published

2024-05-30

·

Updated

2024-05-30

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Symfony2 versions prior to the fixed version
Description

A security issue was found in the Request::getClientIp() method when trust proxy mode is enabled. With that mode on, getClientIp() can return an incorrect client IP address, which affects applications that use the client IP for sensitive decisions such as IP-based access control.

Recommendations

To fix this issue, enable trust proxy mode with the new Request::setTrustedProxies() method instead of Request::trustProxyData(), passing an array of trusted proxy IP addresses as its argument. For example:

Request::setTrustedProxies(array('1.1.1.1'));

where '1.1.1.1' is the IP address of a trusted reverse proxy. If upgrading to the latest version is not feasible at this time, apply the provided patches for Symfony 2.0.19 or Symfony 2.1.4.
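The following script, added here as an example and not taken from the advisory or the Symfony project, shows how to verify the recommended configuration: it registers one trusted proxy (assumed address 10.0.0.5) and checks that getClientIp() honours X-Forwarded-For only for requests that actually arrive from that proxy. It assumes a Composer-installed symfony/http-foundation at 2.0.19 / 2.1.4 or later; Symfony 3.3 and newer require a second setTrustedProxies() argument naming the trusted headers (Request::HEADER_X_FORWARDED_FOR).

```php
<?php
// Added example, not part of the advisory or of Symfony itself.
// Assumption: vendor/autoload.php provides Symfony\Component\HttpFoundation.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;

// Constructed sample value: the address of the real reverse proxy.
$trustedProxy = '10.0.0.5';

// Build a request as PHP would see it: REMOTE_ADDR is the TCP peer,
// X-Forwarded-For is whatever that peer chose to send.
function requestFrom($remoteAddr, $forwardedFor)
{
    return Request::create('/admin', 'GET', array(), array(), array(), array(
        'REMOTE_ADDR'          => $remoteAddr,
        'HTTP_X_FORWARDED_FOR' => $forwardedFor,
    ));
}

// Hardened configuration from the advisory: only the listed proxy's
// forwarding headers are trusted. (Symfony 3.3+: add a second argument,
// Request::HEADER_X_FORWARDED_FOR.)
Request::setTrustedProxies(array($trustedProxy));

// Case 1: request relayed by the trusted proxy.
// getClientIp() should return the forwarded address.
$viaProxy = requestFrom($trustedProxy, '203.0.113.7');
echo 'via trusted proxy: ', $viaProxy->getClientIp(), "\n";

// Case 2: direct connection from an untrusted peer that still sends
// X-Forwarded-For. getClientIp() should ignore the header and return
// REMOTE_ADDR, so an IP allow-list keyed on it cannot be fooled.
$direct = requestFrom('198.51.100.9', '203.0.113.7');
echo 'direct connection: ', $direct->getClientIp(), "\n";

// IP-based access control built on the corrected value.
function isAllowed(Request $request, array $allowList)
{
    return in_array($request->getClientIp(), $allowList, true);
}

$allowList = array('203.0.113.7');
echo 'proxied request allowed: ', isAllowed($viaProxy, $allowList) ? 'yes' : 'no', "\n";
echo 'direct request allowed:  ', isAllowed($direct, $allowList) ? 'yes' : 'no', "\n";
```

Run the same script with Request::trustProxyData() in place of setTrustedProxies() on an unpatched 2.0.x/2.1.x install to see the second request also report the forwarded address.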

Fix

Weakness Enumeration

Related Identifiers

GHSA-HX53-JCHX-CR52

Affected Products

Symfony2