CVE-2023-41336

Опубликовано: 11 сент. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2.

Ссылки

https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml
Third Party Advisory
https://github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c
Patch
https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x
Vendor Advisory
https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax
Product
https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml
Third Party Advisory
https://github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c
Patch
https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x
Vendor Advisory
https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symfony:ux_autocomplete:*:*:*:*:*:*:*:*

Версия до 2.11.2 (исключая)

EPSS

Процентиль: 77%

0.01045

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-20

Связанные уязвимости

GHSA-4cpv-669c-r79x