Design/Logic Flaw

DISPUTED The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /debugbar/open?op=get URI. NOTE: the vendor's position is that this is no...

CVE-2017-18343

The CVE-2017-18343 issue concerns Symfony Debug component (symfony/debug) with an XSS in the debug/exception pretty printing path. Affected versions are Symfony 2.x/3.x prior to the listed fixed points (2.7.33, 2.8.26, 3.2.13, 3.3.6). The vulnerability arises in the debug handler via an array key...