CVE-2023-46734

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 10, 2023

Updated: Nov 24, 2023

CWE ID 79

Summary

CVE-2023-46734 is a vulnerability affecting the Symfony PHP framework and its components, specifically some Twig filters in CodeExtension. Prior to versions 4.4.51, 5.4.31, and 6.3.8, these filters used the `is_safe=html` mode but failed to ensure input safety. Consequently, an attacker could potentially inject malicious HTML code. With the release of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now properly escapes the output of the affected filters, mitigating this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwX9q
https://www.cve.org/CVERecord?id=CVE-2023-46734
https://nvd.nist.gov/vuln/detail/CVE-2023-46734

Back to Vulnerability Database

CVE-2023-46734

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations