Merge pull request #751 from smnandre/cve-2025-47964

stof · web-flow · commit 63bf4d09af1b · 2025-08-29T16:21:09.000+02:00
Add CVE-2025-47964 for Symfony UX Twig/Live Component
diff --git a/symfony/ux-live-component/CVE-2025-47946.yaml b/symfony/ux-live-component/CVE-2025-47946.yaml
@@ -0,0 +1,8 @@
+title:  "symfony/ux-live-component Unsanitized HTML attribute injection via ComponentAttributes"
+link:   https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes
+cve:    CVE-2025-47946
+branches:
+    2.x:
+        time:       2025-05-19 12:05:00
+        versions:   ['<2.25.1']
+reference: composer://symfony/ux-live-component
diff --git a/symfony/ux-twig-component/CVE-2025-47946.yaml b/symfony/ux-twig-component/CVE-2025-47946.yaml
@@ -0,0 +1,8 @@
+title:  "symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes"
+link:   https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes
+cve:    CVE-2025-47946
+branches:
+    2.x:
+        time:       2025-05-19 12:05:00
+        versions:   ['<2.25.1']
+reference: composer://symfony/ux-twig-component
