Symfony · Symfony · CVE-2023-46735
**Name of the Vulnerable Software and Affected Versions**
Symfony versions 6.0.0 through 6.3.7
**Description**
The error message in `WebhookController` returns unescaped user-submitted input. This issue affects Symfony, a PHP framework for web and console applications and a set of reusable PHP components.
**Recommendations**
For versions 6.0.0 through 6.3.7, update to version 6.3.8 or later, where `WebhookController` no longer returns any user-submitted input in its response.
As a temporary workaround, consider modifying the `WebhookController` to not return user-submitted input in its response until a patch is available.