New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Symfony CVE-2019-10909 #396

Closed

xezpeleta opened this issue Nov 22, 2019 · 0 comments · Fixed by #395

Contributor

xezpeleta commented Nov 22, 2019

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
GHSA-g996-q5r8-w7g2

PR from @dependabot didn't pass TravisCI tests (#391).

xezpeleta mentioned this issue

Upgrade Symfony from 2.8.11 to 2.8.52 #395

Merged

xezpeleta closed this as completed in #395

xezpeleta added a commit that referenced this issue


          Upgraded to Symfony 2.8.52 (#395)

40e3450

Fixes #396

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment