GHSA-4CPV-669C-R79X Prevent injection of invalid entity ids for "autocomplete" fields

Impact Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. Affected applications are any that use: A custom querybuilder option to limit the valid results; AND An EntityType with 'autocomplete' = true or a custom...

PT-2023-27912 · Symfony · Symfony/Ux-Autocomplete

Name of the Vulnerable Software and Affected Versions: symfony/ux-autocomplete versions prior to 2.11.2 Description: The issue allows an attacker to submit an entity id for an EntityType that is not part of the valid choices under certain circumstances. This can occur in applications that use a...