Lucene search
K
GithubRecent

33187 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`

Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.11 views

Oj: Integer Overflow in Oj.load 2GB String Handling

Summary Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in bufappendstring buf.h:61 converts the string length to a large negative sizet, causing memcpy to copy an astronomically large amount of data out of bounds. This crashes the process...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.10 views

Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback

Summary Oj::Parser in SAJ mode does not protect cached object keys ≥ 35 bytes from garbage collection. A Ruby callback that triggers GC inside hashend can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the freed string VALUE results i...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

6.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling

Summary Oj::Parserparse in usual mode with createid enabled is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer truncation in formattr usual.c:63 converts the length to -1 before passing it to memcpy. This causes memcpy to...

6.3CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

Kozou: Unauthenticated MCP HTTP server and bundled dev-stack hardening (DNS-rebinding, request-body limits, read-only reads, default network exposure)

Kozou compiles a PostgreSQL schema into an Admin UI, a REST API, and an MCP server. Several hardening gaps in the bundled HTTP surfaces and the scaffolded dev stack are fixed in 1.8.1. Issues 1. MCP HTTP server lacked DNS-rebinding protection. The Streamable HTTP transport is unauthenticated and...

6AI score
Exploits0References2Affected Software4
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.5 views

CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages

Impact The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-securit...

7.4CVSS6AI score0.00143EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. Preconditions Relying-party service is hosted with WSFederationHttpBinding or...

10CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...

7.4CVSS6AI score0.00178EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite, but does not validate the DigestMethod declared on each ds:Reference. As a result, a sender can populate ds:SignedInfo with SignatureMethod...

3.7CVSS5.8AI score0.00157EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.12 views

CoreWCF: SAML token replay protection is inoperative

Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Provide your own implementation of ITokenReplayCache with the correct behavior...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.8 views

CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another getpwuid/getgrgid non-reentrant and may crash the host process under contention. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Restrict UDS filesystem permissions so that only trust...

6.2CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.8 views

CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance

Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...

6.5CVSS5.9AI score0.00088EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.6 views

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...

4.4CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.4 views

CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...

7.4CVSS5.8AI score0.0015EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

CoreWCF: WS-Security signature substitution via document-wide Signature lookup

Impact An unauthenticated remote attacker who can place a SOAP header lexically before wsse:Security can embed a ds:Signature of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security header. Preconditions...

5.9CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake

Impact An unauthenticated remote attacker can pin one server thread‑pool worker at 100 % CPU per connection. With a few connections, the CPU usage can be exhausted. Preconditions An attacker being able to reach a service which is exposing an endpoint using one of NetTcpBinding, NetNamedPipeBindin...

7.5CVSS5.9AI score0.00476EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...

7.1CVSS5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

Oj: Use-After-Free in Oj::Parser SAJ Callback via Input Mutation

Summary Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby string's internal buffer. If a callback e.g. hashstart resizes the string — for example by calling...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.13 views

Oj: Use-After-Free in Oj::Doc Iterators via Reentrant Close

Summary Oj::Doc iterators eachvalue, eachchild, eachleaf are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed while the C iterator is still running. When control returns from the block, the iterator rea...

2.1CVSS6.1AI score0.00117EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.11 views

Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Summary Oj.dump in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With indent: 5000, the...

2.1CVSS6.2AI score0.00119EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.12 views

parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist

Impact Parse Server's default fileUpload.fileExtensions blocklist is intended to prevent uploading files that browsers render as active content such as HTML and SVG, which can be used to perform stored cross-site scripting XSS attacks against other users. The blocklist could be bypassed by...

2.1CVSS5.7AI score0.00406EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.8 views

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Details Two-step chain in ext/oj/fast.c: 1. doceachchild line 1501 increments doc-where pas...

7.5CVSS6AI score0.00263EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00285EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

9.3CVSS6.7AI score0.00284EPSS
Exploits1References2Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Oj: intern.c form_attr (uninitialized stack read)

Summary Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. Details In ext/oj/intern.c, formattr handles the...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Summary Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using torch.load..., weightsonly=True, but automatically falls back to the fully unsafe torch.load..., weightsonly=False when the safe load raises pickle.UnpicklingError. Because the UnpicklingError condition is fully...

7.5CVSS6.5AI score0.00302EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

7.6CVSS6AI score0.00193EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.9 views

Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nesting depth. A crafted query string such as: text axxxx...x=1 causes Faraday to build a deeply nested Ruby Hash structure. The internal dehash...

7.5CVSS5.7AI score0.00391EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.21 views

containerd CRI checkpoint restore CDI annotation smuggling

Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...

9.6CVSS6AI score0.00412EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

8.2CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.9 views

containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull

Impact A bug was found in containerd where the CRI plugin propagates labels from an image config LABEL instruction in Dockerfile to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. Patch...

9.4CVSS6AI score0.00203EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.9 views

Oj: Stack Buffer Overflow in Oj.dump via Large Indent

Summary Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fillindent in dump.h calls memsetindentstr, ' ', sizetopts-indent without validating the size. When opts-indent is set to INTMAX 2,147,483,647, the sizet cast preserves the larg...

6.3CVSS6.3AI score0.00257EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.15 views

containerd: CRI checkpoint import allows local image tag poisoning

Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...

9.9CVSS6.3AI score0.00354EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.10 views

parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Impact A relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by protectedFields, and even when the object owning the relation was not readable by the client under its ACL or class-level permissions...

6.9CVSS5.9AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.9 views

parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Impact Apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPassword endpoints. These endpoints re-fetch the user through the access-controlled query pipeline CLP, protectedFields, auth-adapter sanitizers...

5.9CVSS5.9AI score0.00251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.11 views

parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Impact The default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g. poc.svg.. The trailing dot causes the extension parser to extract an empty string, which short-circuits the blocklist check, and the...

2.1CVSS5.8AI score0.00281EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.8 views

symfony/ux-autocomplete: XSS via unescaped AJAX response data

Description The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals $itemlabelField inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.12 views

symfony/ux-live-component: CSRF Protection Bypass — Accept Header is CORS-Safelisted

Description When using symfony/ux-live-component, methods annotated with LiveAction are invokable from the browser and mutate server-side state via AJAX. Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest gated these invocations on the presence of Accept:...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding

Description In symfony/ux-live-component, a component's server-side state is exposed to the browser as a set of props LiveProp-annotated properties. Props marked writable: true can be freely changed by the client. Read-only props are round-tripped to the browser and back, and their integrity is...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

5.9AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

symfony/ux-live-component: XSS via attacker-controlled child component tag

Description Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the $childTag argument directly into the HTML output as a tag name, without escaping or validation. The value originates from client-controlled JSON childrenid.tag parsed by LiveComponentSubscriber an...

6AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

symfony/ux-live-component: Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

parse-server: Server option routeAllowList is bypassable through batch sub-requests

Impact The routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as Express middleware against the outer HTTP request URL, so the /batch handler dispatches each sub-request to the internal router without re-running the...

6.9CVSS6AI score0.00342EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.8 views

containerd image-triggered runtime DoS via unbounded group parsing

Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory OOM kill of the containerd process. This renders the container runtime API unavailab...

5.5CVSS5.9AI score0.00317EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.7 views

Oj: Use-After-Free in Oj::Parser Symbol Key Cache Toggle

Summary Disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but does not clear the pointer. The next parse call reads from the freed cache via cacheintern,...

6.3CVSS5.9AI score0.00428EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:23 p.m.9 views

ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor

Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...

6AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities33187