CVE-2024-45592

CVSS V2: None
CVSS V3: None
Description
auditor-bundle, formerly known as DoctrineAuditBundle, integrates the auditor library into any Symfony 3.4+ application. Prior to 6.0.0, an unescaped entity property enables JavaScript injection. This is possible because %source_label% in a Twig macro is not escaped, so script tags can be inserted and are executed. The vulnerability is fixed in 6.0.0.
Overview
  • CVE ID: CVE-2024-45592
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-09-10T16:00:14.887Z
  • Last Modified Date: 2024-09-10T19:23:29.574Z
History
Created | Old Value | New Value | Data Type | Notes
2024-09-11 13:13:07 | | | | Added to TrackCVE