Home > Vulnerability Database > CVE-2023-41336

Mend.io Vulnerability Database

CVE-2023-41336

Date: September 11, 2023

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an "EntityType" that is not part of the valid choices. The problem has been fixed in "symfony/ux-autocomplete" version 2.11.2.

Language: PHP

Severity Score

6.5

Related Resources (7)

Url: https://github.com/symfony/ux-autocomplete

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/ux-autocomplete/CVE-2023-41336.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41336

Url: https://symfony.com/bundles/ux-autocomplete/current/index.html#usage-in-a-form-with-ajax

Url: https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x

Url: https://github.com/symfony/ux-autocomplete/commit/fabcb2eee14b9e84a45b276711853a560b5d770c

Url: https://www.mend.io/vulnerability-database/CVE-2023-41336

Severity Score

6.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41336

Date: September 11, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?