3 matches found
CVE-2026-49208
Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a LiveProp is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value, allowing client-supplied...
CVE-2026-49208 Symfony UX: Format-less date LiveProps parsed with the permissive DateTime constructor
Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, when a LiveProp is typed as DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value, allowing client-supplied...
PT-2026-51049
Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.8.0 through 2.35.0 Symfony UX versions 3.0.0 through 3.0.x Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, the function hydrateObjectValue in...