PT-2024-40340 · Symfony · Symfony

Published: 2024-05-30 · Updated: 2024-05-30

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x

Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2 framework where the XML class is used for deserialization or as part of a client/server API.

Recommendations: For Symfony version 2.0.x, consider disabling the use of external entities in the XMLEncoder component until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.
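The recommendation above ("disable the use of external entities") is a parser configuration change. The following is an added example, not Symfony's own code, of how an application can load XML safely in PHP: it keeps external entity loading off, passes no flag that would substitute entities, and rejects any document type declaration outright, since a DTD is the only place an entity can be declared. The class name `SafeXmlLoader`, the sample documents and the `file:///path/to/placeholder` URI are constructed for this example.

```php
<?php
// Added example (not Symfony code): a hardened XML load routine that refuses
// DOCTYPE declarations and never resolves external entities, followed by two
// constructed inputs showing the accepted and the rejected case.

declare(strict_types=1);

final class SafeXmlLoader
{
    /**
     * Parse XML without resolving external entities or touching the network.
     * Throws InvalidArgumentException on malformed input or on any DTD.
     */
    public static function load(string $xml): DOMDocument
    {
        // On PHP < 8.0 external entity loading is enabled by default; turn it off.
        // From PHP 8.0 it is disabled by default and the function is deprecated,
        // so only call it on older runtimes.
        if (PHP_VERSION_ID < 80000) {
            $previousLoader = libxml_disable_entity_loader(true);
        }
        $previousErrors = libxml_use_internal_errors(true);

        try {
            $dom = new DOMDocument();
            // LIBXML_NONET forbids network access while parsing.
            // LIBXML_NOENT is deliberately NOT passed: it would substitute entities.
            if (!$dom->loadXML($xml, LIBXML_NONET)) {
                $error = libxml_get_last_error();
                $detail = $error ? trim($error->message) : 'unknown error';
                throw new InvalidArgumentException('Malformed XML: ' . $detail);
            }

            // Reject internal and external DTDs alike: without a DOCTYPE there is
            // nowhere to declare an entity, so this closes the XXE path entirely.
            foreach ($dom->childNodes as $child) {
                if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                    throw new InvalidArgumentException('Document type declarations are not allowed.');
                }
            }

            return $dom;
        } finally {
            // Restore global libxml state so other code is unaffected.
            libxml_clear_errors();
            libxml_use_internal_errors($previousErrors);
            if (isset($previousLoader)) {
                libxml_disable_entity_loader($previousLoader);
            }
        }
    }
}

// Constructed sample inputs (not taken from the advisory).
$benign = '<?xml version="1.0"?><user><name>alice</name></user>';
$withDoctype = '<?xml version="1.0"?>'
    . '<!DOCTYPE user [<!ENTITY ext SYSTEM "file:///path/to/placeholder">]>'
    . '<user><name>&ext;</name></user>';

$dom = SafeXmlLoader::load($benign);
echo $dom->getElementsByTagName('name')->item(0)->textContent, PHP_EOL; // alice

try {
    SafeXmlLoader::load($withDoctype);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

Refusing the DOCTYPE is stricter than only disabling the entity loader, but it is the check that does not depend on which PHP or libxml version the application runs on; if an application genuinely needs DTDs, the entity-loader and flag handling above still keep external entities from being resolved.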

Fix

XXE

Weakness Enumeration

Related Identifiers: GHSA-J68W-PG49-F6VX

Affected Products: Symfony