ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-09-11T19:21:48.938Z
Updated: 2024-09-26T15:37:18.042Z
Reserved: 2023-08-28T16:56:43.367Z
Link: CVE-2023-41336
Vulnrichment
Updated: 2024-08-02T19:01:35.090Z
NVD
Status : Modified
Published: 2023-09-11T20:15:10.983
Modified: 2024-11-21T08:21:06.200
Link: CVE-2023-41336
Redhat
No data.