Description
Your Symfony web application is using a weak/predictable application secret (APP_SECRET).
An attacker can use this secret to potentially execute arbitrary PHP code using the ESI (Edge-Side Includes) functionality that is accessible at /_fragment.
Remediation
It's recommended to change the Symfony's application secret (APP_SECRET) to a long random string.
References
Related Vulnerabilities
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
Moveable Type 4.x unauthenticated remote command execution
WordPress Plugin WordPress Social Sharing-Social Warfare Multiple Vulnerabilities (3.5.2)
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)