Lucene search
PRIOn knowledge basePRION:CVE-2023-41336HistorySep 11, 2023 - 8:15 p.m.
Code injection
2023-09-1120:15:00
PRIOn knowledge base
www.prio-n.com
4
javascript
autocomplete
symfony
code injection
security fix
nvd
entity id
0.001 Low
EPSS
Percentile
20.0%
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ux_autocomplete | lt | 2.11.2 |
References
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml
github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c
github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x
symfony.com/bundles/ux-autocomplete/current/index.html
Related
cve
cve
CVE-2023-41336
2023-09-11 20:15:10
nvd
nvd
CVE-2023-41336
2023-09-11 20:15:10
veracode
veracode
Improper Input Validation
2023-09-13 08:46:01
github
github
Prevent injection of invalid entity ids for "autocomplete" fields
2023-09-11 14:43:05
osv
osv
Prevent injection of invalid entity ids for "autocomplete" fields
2023-09-11 14:43:05
CVE-2023-41336
2023-09-11 20:15:10
cvelist
cvelist
friendsofphp
friendsofphp
symfony
symfony