mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
955 B
955 B
CVE-2023-41336
Description
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an EntityType that is not part of the valid choices. The problem has been fixed in symfony/ux-autocomplete version 2.11.2.
POC
Reference
- https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax
- https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax
Github
No PoCs found on GitHub currently.