CVE-2023-41336

Published September 11th, 2023

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.

FriendsOfPHP/security-advisories

A database of PHP security advisories

GitHub

2.12K

symfony/ux-autocomplete

JavaScript Autocomplete functionality for Symfony

GitHub