Moderate severity · NVD Advisory · Published Nov 10, 2023 · Updated Sep 3, 2024
Symfony potential Cross-site Scripting in WebhookController
CVE-2023-46735
Description
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in WebhookController returns unescaped user-submitted input. As of version 6.3.8, WebhookController no longer returns any user-submitted input in its response.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| symfony/webhook (Packagist) | >= 6.3.0, < 6.3.8 | 6.3.8 |
| symfony/symfony (Packagist) | >= 6.3.0, < 6.3.8 | 6.3.8 |
Affected products (10)
- osv-coords (9 versions), range: >= 6.0.0, < 6.3.8 + 8 more
  - pkg:bitnami/symfony
  - pkg:composer/symfony/symfony
  - pkg:composer/symfony/webhook
  - pkg:deb/ubuntu/symfony@2.7.10-0ubuntu2?arch=source&distro=esm-apps/xenial
  - pkg:deb/ubuntu/symfony@3.4.6+dfsg-1ubuntu0.1+esm2?arch=source&distro=esm-apps/bionic
  - pkg:deb/ubuntu/symfony@4.3.8+dfsg-1ubuntu1?arch=source&distro=focal
  - pkg:deb/ubuntu/symfony@5.4.4+dfsg-1ubuntu8?arch=source&distro=jammy
  - pkg:deb/ubuntu/symfony@6.4.10+dfsg-1ubuntu1?arch=source&distro=oracular
  - pkg:deb/ubuntu/symfony@6.4.5+dfsg-3ubuntu3?arch=source&distro=noble
- (no CPE) range: >= 6.0.0, < 6.3.8
- (no CPE) range: >= 6.3.0, < 6.3.8
- (no CPE) range: >= 6.3.0, < 6.3.8
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- Range: >= 6.3.0, < 6.3.8
References (6)
- github.com/advisories/GHSA-72x2-5c85-6wmr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-46735 (ghsa, ADVISORY)
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2023-46735.yaml (ghsa, WEB)
- github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962 (ghsa, x_refsource_MISC, WEB)
- github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr (ghsa, x_refsource_CONFIRM, WEB)
- symfony.com/cve-2023-46735 (ghsa, WEB)