From 9eff6607a90045d9c00fe5a8db2f5f96c8e1a9cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Andr=C3=A9?=
Date: Mon, 19 May 2025 14:26:47 +0200
Subject: [PATCH 1/2] Add CVE-2025-47964 for Symfony UX Twig/Live Component
---
 symfony/ux-live-component/CVE-2025-47946.yaml | 8 ++++++++
 symfony/ux-twig-component/CVE-2025-47946.yaml | 8 ++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 symfony/ux-live-component/CVE-2025-47946.yaml
 create mode 100644 symfony/ux-twig-component/CVE-2025-47946.yaml
diff --git a/symfony/ux-live-component/CVE-2025-47946.yaml b/symfony/ux-live-component/CVE-2025-47946.yaml
new file mode 100644
index 000000000..489e33801
--- /dev/null
+++ b/symfony/ux-live-component/CVE-2025-47946.yaml
@@ -0,0 +1,8 @@
+title: "symfony/ux-live-component Unsanitized HTML attribute injection via ComponentAttributes"
+link: https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes
+cve: CVE-2025-47946
+branches:
+ 2.x:
+ time: 2025-05-19 14:05:00
+ versions: ['<2.25.1']
+reference: composer://symfony/ux-live-component
diff --git a/symfony/ux-twig-component/CVE-2025-47946.yaml b/symfony/ux-twig-component/CVE-2025-47946.yaml
new file mode 100644
index 000000000..650137464
--- /dev/null
+++ b/symfony/ux-twig-component/CVE-2025-47946.yaml
@@ -0,0 +1,8 @@
+title: "symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes"
+link: https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes
+cve: CVE-2025-47946
+branches:
+ 2.x:
+ time: 2025-05-19 14:05:00
+ versions: ['<2.25.1']
+reference: composer://symfony/ux-twig-component
From c599f3e8b781d7e7d038977d48212a098dbbd37f Mon Sep 17 00:00:00 2001
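Review bot: `versions: ['<2.25.1']` in both new files (ux-live-component and ux-twig-component) has no lower bound although the branch key is `2.x`, so as written the entry matches every release below 2.25.1 rather than only the 2.x line. If the linked advisory limits the issue to 2.x, the constraint would read `versions: ['>=2.0.0', '<2.25.1']`; if older releases are affected as well, a short YAML comment stating that the open lower bound is deliberate would keep consumers of the database from having to guess. Separately, the subject line says CVE-2025-47964 while the file names, the `cve:` field and the link all say CVE-2025-47946, which makes this commit hard to find when searching history by CVE id.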
From: =?UTF-8?q?Simon=20Andr=C3=A9?=
Date: Mon, 19 May 2025 14:30:45 +0200
Subject: [PATCH 2/2] Fix time
---
 symfony/ux-live-component/CVE-2025-47946.yaml | 2 +-
 symfony/ux-twig-component/CVE-2025-47946.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/symfony/ux-live-component/CVE-2025-47946.yaml b/symfony/ux-live-component/CVE-2025-47946.yaml
index 489e33801..1266605b3 100644
--- a/symfony/ux-live-component/CVE-2025-47946.yaml
+++ b/symfony/ux-live-component/CVE-2025-47946.yaml
@@ -3,6 +3,6 @@ link: https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attr
 cve: CVE-2025-47946
 branches:
 2.x:
- time: 2025-05-19 14:05:00
+ time: 2025-05-19 12:05:00
 versions: ['<2.25.1']
 reference: composer://symfony/ux-live-component
diff --git a/symfony/ux-twig-component/CVE-2025-47946.yaml b/symfony/ux-twig-component/CVE-2025-47946.yaml
index 650137464..5df61764a 100644
--- a/symfony/ux-twig-component/CVE-2025-47946.yaml
+++ b/symfony/ux-twig-component/CVE-2025-47946.yaml
@@ -3,6 +3,6 @@ link: https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attr
 cve: CVE-2025-47946
 branches:
 2.x:
- time: 2025-05-19 14:05:00
+ time: 2025-05-19 12:05:00
 versions: ['<2.25.1']
 reference: composer://symfony/ux-twig-component