CVE-2023-41336: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

Affected Versions

Versions < 2.11.1 of the symfony/ux-autocomplete package are affected by this security issue.

Description

Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the…

https://symfony.com/blog/cve-2023-41336-symfony-ux-autocomplete-prevent-injection-of-invalid-entity-ids-for-autocomplete-fields?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

Created 2y | 11.09.2023, 14:20:23

