Symfony FOSJsRoutingBundle Routes Disclosure

info Web App Scanning Plugin ID 113639

Synopsis

Symfony FOSJsRoutingBundle Routes Disclosure

Description

Symfony is a free and open-source PHP web application framework relying on bundles, which are plugins allowing developers to hook into Symfony. FOSJsRoutingBundle is a popular bundle used to expose the web application routes in JavaScript code.

Depending on the method used to expose the routes, this bundle could disclose internal routes, which could help an attacker find sensitive endpoints and conduct further attacks.

Solution

Ensure that the bundle is configured to only expose public routes.
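
One way to check this is to audit the route map the bundle serves to browsers. The script below is an added example, not part of the plugin or of FOSJsRoutingBundle. It assumes the JSON layout written by the bundle's fos:js-routing:dump command with --format=json; the sample dump, the allowlist patterns and the internal-path markers are constructed for illustration.

```python
import json
import re

# Constructed sample in the layout of a fos:js-routing:dump JSON file (assumed format).
SAMPLE_DUMP = json.dumps({
    "base_url": "", "prefix": "", "host": "localhost", "scheme": "https",
    "routes": {
        "app_blog_show": {"tokens": [["variable", "/", "[^/]++", "slug"], ["text", "/blog"]],
                          "methods": ["GET"]},
        "app_admin_user_delete": {"tokens": [["text", "/delete"],
                                             ["variable", "/", "\\d+", "id"],
                                             ["text", "/admin/users"]],
                                  "methods": ["POST"]},
        "_profiler": {"tokens": [["variable", "/", "[^/]++", "token"], ["text", "/_profiler"]],
                      "methods": []},
    },
})

# Hypothetical allowlist: route names the team has agreed are public.
PUBLIC_NAME_PATTERNS = [r"^app_blog_", r"^app_homepage$"]
# Hypothetical path markers that should never reach client-side JavaScript.
INTERNAL_PATH = re.compile(r"^/(admin|internal|_profiler|_wdt)(/|$)")


def route_path(tokens):
    """Rebuild the path; Symfony stores compiled tokens last segment first."""
    parts = []
    for tok in reversed(tokens):
        if tok[0] == "text":
            parts.append(tok[1])
        elif tok[0] == "variable":
            parts.append(f"{tok[1]}{{{tok[3]}}}")
    return "".join(parts)


def audit(dump_text):
    """Return (name, path, reason) for each exposed route that fails the policy."""
    findings = []
    for name, route in sorted(json.loads(dump_text)["routes"].items()):
        path = route_path(route.get("tokens", []))
        if INTERNAL_PATH.search(path):
            findings.append((name, path, "internal path exposed"))
        elif not any(re.search(p, name) for p in PUBLIC_NAME_PATTERNS):
            findings.append((name, path, "name not on public allowlist"))
    return findings


if __name__ == "__main__":
    for name, path, reason in audit(SAMPLE_DUMP):
        print(f"{name:24} {path:28} {reason}")
```

Each finding points at a route whose expose option or routes_to_expose pattern in the bundle configuration should be reviewed.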

See Also

https://github.com/FriendsOfSymfony/FOSJsRoutingBundle

https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/blob/master/Resources/doc/usage.rst

Plugin Details

Severity: Info

ID: 113639

Type: remote

Published: 3/8/2023

Updated: 3/8/2023

Scan Template: basic, full, pci, scan