CVE-2023-46734
10.11.2023, 18:15
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.
| Vendor | Product | Version |
|---|---|---|
| sensiolabs | symfony | 2.0.0 ≤ 𝑥 < 4.4.51 |
| sensiolabs | symfony | 5.0.0 ≤ 𝑥 < 5.4.31 |
| sensiolabs | symfony | 6.0.0 ≤ 𝑥 < 6.3.8 |
| sensiolabs | twig | 2.0.0 ≤ 𝑥 < 4.4.51 |
| sensiolabs | twig | 5.0.0 ≤ 𝑥 < 5.4.31 |
| sensiolabs | twig | 6.0.0 ≤ 𝑥 < 6.3.8 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References