ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType
that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete
version 2.11.2.
CPE | Name | Operator | Version |
---|---|---|---|
ux_autocomplete | lt | 2.11.2 |
github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml
github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c
github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x
symfony.com/bundles/ux-autocomplete/current/index.html