CVE-2023-46734

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46734

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46734.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-46734

Aliases

Related

Published

2023-11-10T18:15:09Z

Modified

2024-10-12T11:09:10.209778Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use is_safe=html but don't actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.

References

Affected packages

Debian:11 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.19+dfsg-2+deb11u4

Affected versions

4.*

4.4.19+dfsg-2

4.4.19+dfsg-2+deb11u1

4.4.19+dfsg-2+deb11u2

4.4.19+dfsg-2+deb11u3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.23+dfsg-1+deb12u1

Affected versions

5.*

5.4.23+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / symfony

Package

Name: symfony
Purl: pkg:deb/debian/symfony?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.31+dfsg-1

Affected versions

5.*

5.4.23+dfsg-1

5.4.24+dfsg-1

5.4.25+dfsg-1

5.4.27+dfsg-1

5.4.28+dfsg-1

5.4.29+dfsg-1

5.4.30+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/symfony/security-http

Affected ranges

Type: GIT
Repo: https://github.com/symfony/security-http
Events: Introduced

6530589fc40cdceda230fb6a69173ce52fa8b5ca

Fixed

19f7b5f5d20879a976d6d376e359bc975dfc6002

Type: GIT
Repo: https://github.com/symfony/symfony
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5d095d5feb1322b16450284a04d6bb48d1198f54

Fixed

9da9a145ce57e4585031ad4bee37c497353eec7c

Affected versions

v2.*

v2.0.0

v2.0.0-RC1

v2.0.0-RC2

v2.0.0-RC3

v2.0.0-RC4

v2.0.0-RC5

v2.0.0-RC6

v2.0.0BETA1

v2.0.0BETA2

v2.0.0BETA3

v2.0.0BETA4

v2.0.0BETA5

v2.0.0PR8

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.0-BETA1

v2.1.0-BETA2

v2.1.0-BETA3

v2.1.0-BETA4

v2.1.0-RC1

v2.1.0-RC2

v2.1.1

v2.1.10

v2.1.11

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.0-BETA1

v2.2.0-BETA2

v2.2.0-RC1

v2.2.0-RC2

v2.2.0-RC3

v2.2.1

v2.2.10

v2.2.11

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.0-BETA1

v2.3.0-BETA2

v2.3.0-RC1

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.15

v2.3.16

v2.3.17

v2.3.18

v2.3.19

v2.3.2

v2.3.20

v2.3.21

v2.3.22

v2.3.23

v2.3.24

v2.3.25

v2.3.26

v2.3.27

v2.3.28

v2.3.29

v2.3.3

v2.3.30

v2.3.31

v2.3.32

v2.3.33

v2.3.34

v2.3.35

v2.3.36

v2.3.37

v2.3.38

v2.3.39

v2.3.4

v2.3.40

v2.3.41

v2.3.42

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4.0

v2.4.0-BETA1

v2.4.0-BETA2

v2.4.0-RC1

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5.0

v2.5.0-BETA1

v2.5.0-BETA2

v2.5.0-RC1

v2.5.1

v2.5.10

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.0-BETA1

v2.6.0-BETA2

v2.6.1

v2.6.10

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.0-BETA1

v2.7.0-BETA2

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.17

v2.7.18

v2.7.19

v2.7.2

v2.7.20

v2.7.21

v2.7.22

v2.7.23

v2.7.24

v2.7.25

v2.7.26

v2.7.27

v2.7.28

v2.7.29

v2.7.3

v2.7.30

v2.7.31

v2.7.32

v2.7.33

v2.7.34

v2.7.35

v2.7.36

v2.7.37

v2.7.38

v2.7.39

v2.7.4

v2.7.40

v2.7.41

v2.7.42

v2.7.43

v2.7.44

v2.7.45

v2.7.46

v2.7.47

v2.7.48

v2.7.49

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.0-BETA1

v2.8.1

v2.8.10

v2.8.11

v2.8.12

v2.8.13

v2.8.14

v2.8.15

v2.8.16

v2.8.17

v2.8.18

v2.8.19

v2.8.2

v2.8.20

v2.8.21

v2.8.22

v2.8.23

v2.8.24

v2.8.25

v2.8.26

v2.8.27

v2.8.28

v2.8.29

v2.8.3

v2.8.30

v2.8.31

v2.8.32

v2.8.33

v2.8.34

v2.8.35

v2.8.36

v2.8.37

v2.8.38

v2.8.39

v2.8.4

v2.8.40

v2.8.41

v2.8.42

v2.8.43

v2.8.44

v2.8.45

v2.8.46

v2.8.47

v2.8.48

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v3.*

v3.0.0

v3.0.0-BETA1

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.1.0

v3.1.0-BETA1

v3.1.0-RC1

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.0

v3.2.0-BETA1

v3.2.0-RC1

v3.2.0-RC2

v3.2.1

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.0-BETA1

v3.3.0-RC1

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.14

v3.3.15

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.0-BETA1

v3.4.0-BETA2

v3.4.0-BETA3

v3.4.0-BETA4

v3.4.0-RC1

v3.4.0-RC2

v3.4.1

v3.4.10

v3.4.11

v3.4.12

v3.4.13

v3.4.14

v3.4.15

v3.4.16

v3.4.17

v3.4.18

v3.4.19

v3.4.2

v3.4.20

v3.4.21

v3.4.22

v3.4.23

v3.4.24

v3.4.25

v3.4.26

v3.4.27

v3.4.28

v3.4.29

v3.4.3

v3.4.30

v3.4.31

v3.4.32

v3.4.33

v3.4.34

v3.4.35

v3.4.36

v3.4.37

v3.4.38

v3.4.39

v3.4.4

v3.4.40

v3.4.41

v3.4.42

v3.4.43

v3.4.44

v3.4.45

v3.4.46

v3.4.47

v3.4.48

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v4.*

v4.0.0

v4.0.0-BETA1

v4.0.0-BETA2

v4.0.0-BETA3

v4.0.0-BETA4

v4.0.0-RC1

v4.0.0-RC2

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.0-BETA1

v4.1.0-BETA2

v4.1.0-BETA3

v4.1.1

v4.1.10

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0

v4.2.0-BETA1

v4.2.0-BETA2

v4.2.0-RC1

v4.2.1

v4.2.10

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.2.9

v4.3.0

v4.3.0-BETA1

v4.3.0-BETA2

v4.3.0-RC1

v4.3.1

v4.3.10

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.3.9

v4.4.0

v4.4.0-BETA1

v4.4.0-BETA2

v4.4.0-RC1

v4.4.1

v4.4.10

v4.4.11

v4.4.12

v4.4.13

v4.4.14

v4.4.15

v4.4.16

v4.4.17

v4.4.18

v4.4.19

v4.4.2

v4.4.20

v4.4.21

v4.4.22

v4.4.23

v4.4.24

v4.4.25

v4.4.26

v4.4.27

v4.4.28

v4.4.29

v4.4.3

v4.4.30

v4.4.31

v4.4.32

v4.4.33

v4.4.34

v4.4.35

v4.4.36

v4.4.37

v4.4.38

v4.4.39

v4.4.4

v4.4.40

v4.4.41

v4.4.42

v4.4.43

v4.4.44

v4.4.45

v4.4.46

v4.4.47

v4.4.48

v4.4.49

v4.4.5

v4.4.50

v4.4.6

v4.4.7

v4.4.8

v4.4.9

v5.*

v5.3.13

v5.3.14

v5.4.10

v5.4.11

v5.4.12

v5.4.13

v5.4.15

v5.4.17

v5.4.19

v5.4.2

v5.4.20

v5.4.21

v5.4.22

v5.4.23

v5.4.26

v5.4.28

v5.4.3

v5.4.30

v5.4.31

v5.4.5

v5.4.8

v5.4.9

v6.*

v6.0.0

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.13

v6.0.14

v6.0.15

v6.0.17

v6.0.19

v6.0.2

v6.0.20

v6.0.3

v6.0.5

v6.0.7

v6.0.8

v6.0.9

v6.1.0

v6.1.0-BETA1

v6.1.0-BETA2

v6.1.0-RC1

v6.1.1

v6.1.11

v6.1.12

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.9

v6.2.0

v6.2.0-BETA1

v6.2.0-BETA3

v6.2.0-RC1

v6.2.10

v6.2.11

v6.2.13

v6.2.2

v6.2.5

v6.2.6

v6.2.7

v6.2.8

v6.3.0

v6.3.0-BETA1

v6.3.0-RC1

v6.3.1

v6.3.2

v6.3.4

v6.3.5

v6.3.6

Other

vPR10

vPR11

vPR12

vPR3

vPR4

vPR5

vPR6

vPR8

vPR9