Lucene search
+L

4 matches found

NVD
NVD
added 5 hours ago6 views

CVE-2026-49209

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
CVE
CVE
added 6 hours ago19 views

CVE-2026-49209

The CVE-2026-49209 issue affects Symfony UX LiveComponent’s BatchActionController::__invoke(), which iterates over client-supplied actions and issues a full HttpKernel sub-request per entry. With unbounded action arrays, an authenticated attacker can submit a single _batch request containing thou...

5.3CVSS5.3AI score
Exploits0References4
Snyk
Snyk
added 2026/05/29 10:41 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via unbounded processing of client-supplied actions in BatchActionController::invoke. An attacker can cause denial of servic...

7.1CVSS5.4AI score
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.17 views

symfony/ux-live-component Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.3CVSS5.8AI score
Exploits0Affected Software1
Rows per page
Query Builder