Skip to content

Potential XSS vulnerabilities in CodeExtension filters

Low
nicolas-grekas published GHSA-q847-2q57-wmr3 Nov 10, 2023

Package

composer symfony/symfony (Composer)

Affected versions

>=2.0.0,<4.4.51
>=5.0.0,<5.4.31
>=6.0.0,<6.3.8

Patched versions

4.4.51
5.4.31
4.4.51
composer symfony/twig-bridge (Composer)
>=2.0.0,<4.4.51
>=5.0.0,<5.4.31
>=6.0.0,<6.3.8
4.4.51
5.4.31
6.3.8

Description

Description

Some Twig filters in CodeExtension use "is_safe=html" but don't actually ensure their input is safe.

Resolution

Symfony now escapes the output of the affected filters.

The patch for this issue is available here for branch 4.4.

Credits

We would like to thank Pierre Rudloff for reporting the issue and to Nicolas Grekas for providing the fix.

Severity

Low

CVE ID

CVE-2023-46734

Weaknesses

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. Learn more on MITRE.

Credits