Search
Search Results (23 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41336 | 1 Symfony | 1 Ux Autocomplete | 2024-11-21 | 6.5 Medium |
| ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2. | ||||
| CVE-2019-9942 | 2 Debian, Symfony | 2 Debian Linux, Twig | 2024-11-21 | 3.7 Low |
| A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. | ||||
| CVE-2018-13818 | 1 Symfony | 1 Twig | 2024-11-21 | N/A |
| Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it | ||||