15 matches found
CVE-2026-49209
The CVE-2026-49209 issue affects Symfony UX LiveComponent’s BatchActionController::__invoke(), which iterates over client-supplied actions and issues a full HttpKernel sub-request per entry. With unbounded action arrays, an authenticated attacker can submit a single _batch request containing thou...
CVE-2026-49209 Symfony UX: Denial of service in symfony/ux-live-component via unbounded batch action requests
Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...
symfony/ux-live-component: Denial of service via unbounded batch action requests
Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...
PT-2026-51050
Name of the Vulnerable Software and Affected Versions Symfony UX Live Component versions prior to 2.x Symfony UX Live Component versions prior to 3.x Description The BatchActionController:: invoke function iterates over a client-supplied actions array and issues a full HttpKernel sub-request for...
Allocation of Resources Without Limits or Throttling
Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded processing of client-supplied actions in BatchActionController::invoke. An attacker can cause denial of servic...
WordPress plugin Media Library Assistant 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...
BIT-JOOMLA-2020-8419
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...
Malicious code in batch-actions (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6755 Malicious code in batch-actions (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Privilige escalation in ERC1155
Handle cmichel Vulnerability details Vulnerability Details The ERC1155.checkPostTransferEvent function allows the from address to specify trades that are executed by the to address if to approved msg.sender. Impact An approved account can execute arbitrary batch actions on behalf of the approver,...
Joomla! 3.x < 3.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A cross-site request forgery CSRF exists in versions 3.0.0 to 3.9.14 due to a missing token checks in the batch actions of various components CVE-2020-8419 - A cross-site...
Cross site request forgery (csrf)
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities...
PT-2020-20124 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.15 Description: An issue was discovered in Joomla! where missing token checks in the batch actions of various components cause CSRF vulnerabilities. Recommendations: For versions prior to 3.9.15, update to versio...
[20200101] - Core - CSRF in batch actions
Missing token checks in the batch actions of various components causes CSRF vulnerabilities...