2 matches found
PT-2026-42172
Name of the Vulnerable Software and Affected Versions twig/intl-extra affected versions not specified Description IntlExtension memoises every IntlDateFormatter and NumberFormatter it creates in instance-level arrays. These arrays are keyed on a hash including locale, pattern, and attrs, which ar...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the toXmlDocument function of XmlStringPrettyFormatter. An attacker can read arbitrary local files, perform server-side request forgery, or cause denial of service by providing crafted XML input...