1. 5
  1.  

  2. 1

    Why is arbitrary code execution (even if it’s HMAC signed), an allowed thing in Symfony based websites? Why isn’t the code to be executed whitelisted against a list of controllers or the like?