Kbin
/
kbin-core
38
294
Fork 84
Code Issues 480 Pull Requests 56 Actions Packages Projects Releases Wiki Activity

Vulnerable Dependency found #1138

New Issue
Open
opened 2023-09-16 14:08:15 +00:00 by CSDUMMI · 1 comment
CSDUMMI commented 2023-09-16 14:08:15 +00:00

Hi,
I have run the symfony check:security program today on the most recent develop branch and it found the following vulnerable dependency used by kbin:

Symfony Security Check Report
=============================

1 package has known vulnerabilities.

symfony/ux-autocomplete (v2.10.0)
---------------------------------

 * [CVE-2023-41336][]: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

[CVE-2023-41336]: https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.

We maybe able to fix this by upgrading this dependency to v2.11.2

Hi, I have run the `symfony check:security` program today on the most recent `develop` branch and it found the following vulnerable dependency used by kbin: ``` Symfony Security Check Report ============================= 1 package has known vulnerabilities. symfony/ux-autocomplete (v2.10.0) --------------------------------- * [CVE-2023-41336][]: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields [CVE-2023-41336]: https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x Note that this checker can only detect vulnerabilities that are referenced in the security advisories database. Execute this command regularly to check the newly discovered vulnerabilities. ``` We maybe able to fix this by upgrading this dependency to v2.11.2
ernest added the
high priority
security
 labels 2023-09-17 07:21:28 +00:00
ernest commented 2023-09-17 07:21:57 +00:00
Owner

Thanks, I'll take care of it on Monday.

Thanks, I'll take care of it on Monday.
👍 1
melroy89 added this to the First Beta release milestone 2023-09-22 20:24:24 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
revert
user_moderated_magazines_reports
sidebar-options-improvements-v2
sidebar-options-improvements
fix_tests
e2
user_stats_fix
report_tools
magazine_subs
posts_comments_edited
user_settings_css
translations_sync
ap_sing_testing
kbin_federation_page_fix
zlib-license-addition
tests_fix
user_delete_fix
api_testing
recover_restored_env_file
post_thumb_bounds
repo_query_opt_blocks
random_box_sidebar
repo_query_opt
push_branch_name
revert-password-trim
revert_working_env_example
fix_compact_mode
awesome_bot
embed_async
sidebar_related_posts_and_entries
twig_filesystem_cache
e1_hotfixes
language_update
main
soft_delete_check
hotfix/boost_repo_typo
doctrine_user_cache
user_doctrine_cache
hotfix/magazine_resolver_tmp
hotfix/magazine_resolver
disable_html_cache
database_opt
blackfire
s3storage
Labels
Clear labels   
a11y

Accessibility   
ActivityPub

Incoming and/or outgoing federation of content   
admin

Functionality and updates to improve the experience for admins   
API
   
backend
   
bug

Something is not working   
community
   
conflicting
   
contribution welcome

Contributions are very welcome, get started here   
deployment
   
documentation
   
duplicate

This issue or pull request already exists   
enhancement

New feature or changes to existing functionally   
frontend

Styling, layout and other visual issues   
good first issue

Interested in contributing? Get started here.   
help wanted

Need some help   
high priority
   
instance config
   
low priority
   
mobile
   
moderation
   
more infomation needed

It's not possible to proceed without additional information   
needs feedback

Discussion is needed before action is taken.   
pr pending

This issue is either waiting on a pull request or has been approved and waiting deployment to production   
project setup

Questions / concerns relating to getting the project up and running   
question

A user is asking a question about /kbin, not necessarily reporting an issue   
search
   
security
   
translation
   
translations update needed
   
UI/UX

To do with user interface and/or user experience issues   
upstream

Related to an upstream repository, already reported there
No Label
a11y
ActivityPub
admin
API
backend
bug
community
conflicting
contribution welcome
deployment
documentation
duplicate
enhancement
frontend
good first issue
help wanted
high priority
instance config
low priority
mobile
moderation
more infomation needed
needs feedback
pr pending
project setup
question
search
security
translation
translations update needed
UI/UX
upstream
Milestone
Clear milestone
No items
No Milestone
First Beta release
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Kbin/kbin-core#1138
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?