↧
Symfony's Request::getHost() vulnerable to host head attack
In Request::getHost(), if the underlying web server is not correctly configured to deny requests that come from untrusted domain names, the absolute URL generation would be vulnerable to HOST http...
View Article