Search for packages
| purl | pkg:composer/symfony/serializer@6.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6ty5-u59k-pbhh
Aliases: CVE-2023-46735 GHSA-72x2-5c85-6wmr |
Symfony potential Cross-site Scripting in WebhookController ### Description The error message in WebhookController returns unescaped user-submitted input. ### Resolution WebhookController now doesn't return any user-submitted input in its response. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962) for branch 6.3. ### Credits We would like to thank Maxime Aknin for reporting the issue and to Nicolas Grekas for providing the fix. |
Affected by 0 other vulnerabilities. |
|
VCID-xv9e-a7qq-63a1
Aliases: CVE-2023-46734 GHSA-q847-2q57-wmr3 |
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters ### Description Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe. ### Resolution Symfony now escapes the output of the affected filters. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c) for branch 4.4. ### Credits We would like to thank Pierre Rudloff for reporting the issue and to Nicolas Grekas for providing the fix. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T18:53:03.743857+00:00 | GitLab Importer | Affected by | VCID-xv9e-a7qq-63a1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46734.yml | 37.0.0 |
| 2025-07-03T18:52:59.120521+00:00 | GitLab Importer | Affected by | VCID-6ty5-u59k-pbhh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/symfony/serializer/CVE-2023-46735.yml | 37.0.0 |