Description

Your Symfony web application is using a weak/predictable application secret (APP_SECRET).

An attacker who knows or can guess this secret can potentially execute arbitrary PHP code through the ESI (Edge-Side Includes) functionality that is accessible at /_fragment.

Remediation

It's recommended to change Symfony's application secret (APP_SECRET) to a long random string.
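One way to check a deployment for this issue and produce a replacement value is sketched below. This is an added example, not code from Symfony or from the scanner that produced this finding; the function names, the 32-character floor and the entropy cut-off are assumptions chosen for illustration, and the parser assumes a plain `.env` file without inline comments.

```python
import math
import re
import secrets
from collections import Counter

# Placeholder shipped in older Symfony parameters.yml.dist templates.
KNOWN_PLACEHOLDERS = {"thistokenisnotsosecretchangeit"}
MIN_LENGTH = 32          # assumption: 32 hex chars (128 bits) as a floor
MIN_BITS_PER_CHAR = 3.0  # assumption: heuristic cut-off for "looks random"

# Matches "APP_SECRET=value" and "export APP_SECRET=value"; comment lines do not match.
_ASSIGN = re.compile(r"^\s*(?:export\s+)?APP_SECRET\s*=\s*(.*?)\s*$")

def read_app_secret(env_text):
    """Return the effective APP_SECRET from .env text (last assignment wins), or None."""
    value = None
    for line in env_text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            raw = m.group(1)
            if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
                raw = raw[1:-1]  # strip matching surrounding quotes
            value = raw
    return value

def shannon_bits_per_char(s):
    """Empirical Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def audit_app_secret(env_text):
    """Return a list of findings; an empty list means no weakness was detected."""
    secret = read_app_secret(env_text)
    if not secret:
        return ["APP_SECRET is missing or empty"]
    findings = []
    if secret.lower() in KNOWN_PLACEHOLDERS:
        findings.append("APP_SECRET is a publicly known placeholder")
    if len(secret) < MIN_LENGTH:
        findings.append(f"APP_SECRET is shorter than {MIN_LENGTH} characters")
    if shannon_bits_per_char(secret) < MIN_BITS_PER_CHAR:
        findings.append("APP_SECRET has low character entropy")
    return findings

def new_app_secret():
    """Generate a replacement: 64 hex characters (256 bits) from the OS CSPRNG."""
    return secrets.token_hex(32)

# Constructed sample .env contents, not taken from any real deployment.
WEAK_ENV = "APP_ENV=prod\nAPP_SECRET=ThisTokenIsNotSoSecretChangeIt\n"
if __name__ == "__main__":
    print(audit_app_secret(WEAK_ENV), "APP_SECRET=" + new_app_secret())
```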
