6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.0%
Description Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom query_builder option to limit the valid results; AND An EntityType with ‘autocomplete’ => true or a custom AsEntityAutocompleteField. Under this circumstance, if an id is submitted, it is accepted even if the matching record would not be returned by the custom query built with query_builder. Patches The problem has been fixed in symfony/ux-autocomplete version 2.11.2. Workarounds Upgrade to version 2.11.2 or greater of symfony/ux-autocomplete or perform extra validation after submit to verify the selected option is valid.
CPE | Name | Operator | Version |
---|---|---|---|
symfony/ux-autocomplete | lt | 2.11.2 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.9 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.0%