Symfony · Symfony/Ux-Live-Component · CVE-2025-47946
Name of the Vulnerable Software and Affected Versions:
symfony/ux-twig-component versions prior to 2.25.1
symfony/ux-live-component versions prior to 2.25.1
Description:
When a component template renders `{{ attributes }}` directly, or renders the result of any method that returns a `ComponentAttributes` instance, the attribute values are written into the HTML without being escaped. If one of those values is unsafe, for example because it is derived from user input, an attacker can close the attribute with a quote and append attributes of their own, which amounts to HTML attribute injection and can be escalated to cross-site scripting (XSS), for instance by injecting an event-handler attribute.
Recommendations:
For symfony/ux-twig-component versions prior to 2.25.1, update to version 2.25.1.
For symfony/ux-live-component versions prior to 2.25.1, update to version 2.25.1.
As a temporary workaround, avoid rendering `{{ attributes }}` or any object derived from it directly if it may contain untrusted values. Instead, render the attributes you need individually with `{{ attributes.render('name') }}`, which outputs a single attribute with its value escaped. Note that the workaround only helps if every place that previously rendered the whole attribute set is changed; upgrading to 2.25.1 remains the proper fix.
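The following is an added example, not code from symfony/ux or from this advisory. It models the two rendering patterns the advisory contrasts with a small stand-in class (`ModelAttributes`, a hypothetical name): whole-set rendering that interpolates values verbatim, which is the vulnerable pattern, and per-attribute rendering that escapes the value, which is the workaround pattern. The attacker-controlled title is a constructed input; attribute names are assumed to be trusted.

```php
<?php
declare(strict_types=1);

// Added example: ModelAttributes is a stand-in, not the real
// Symfony\UX\TwigComponent\ComponentAttributes class. It reproduces only the
// failure mode described in the advisory and the escaping the workaround relies on.
final class ModelAttributes
{
    /** @param array<string, string> $attributes attribute name => raw value (names assumed trusted) */
    public function __construct(private array $attributes)
    {
    }

    // Vulnerable pattern: every value is concatenated as-is. A value containing a
    // double quote terminates its own attribute, and the rest is parsed by the
    // browser as additional attributes.
    public function renderAllUnescaped(): string
    {
        $parts = [];
        foreach ($this->attributes as $name => $value) {
            $parts[] = sprintf('%s="%s"', $name, $value);
        }
        return implode(' ', $parts);
    }

    // Workaround pattern: one named attribute with the value HTML-escaped.
    // ENT_QUOTES encodes both " and ', so the value cannot break out of the
    // attribute regardless of which quoting style the template uses.
    public function render(string $name): string
    {
        if (!array_key_exists($name, $this->attributes)) {
            return '';
        }
        $escaped = htmlspecialchars($this->attributes[$name], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return sprintf('%s="%s"', $name, $escaped);
    }
}

// Constructed input: a title the attacker controls, e.g. copied from a query
// parameter into a component prop and passed through to the attributes.
$attackerTitle = '" onmouseover="alert(document.domain)';
$attrs = new ModelAttributes(['class' => 'btn', 'title' => $attackerTitle]);

// Vulnerable rendering: the payload ends up as a separate onmouseover attribute.
$unescaped = $attrs->renderAllUnescaped();
echo '<button ' . $unescaped . ">Save</button>\n";

// Workaround rendering: the payload stays inside the title value as text.
$escaped = $attrs->render('class') . ' ' . $attrs->render('title');
echo '<button ' . $escaped . ">Save</button>\n";

// Quick check: does either output contain an injected event-handler attribute?
$hasHandler = static fn (string $html): bool => str_contains($html, ' onmouseover="');
printf("injected handler in unescaped output: %s\n", $hasHandler($unescaped) ? 'yes' : 'no');
printf("injected handler in escaped output:   %s\n", $hasHandler($escaped) ? 'yes' : 'no');
```

Run it with `php` (8.0 or later, for `str_contains` and constructor property promotion) and compare the two `<button>` lines. To find whether your own application is exposed, check the installed versions with `composer show symfony/ux-twig-component` and `composer show symfony/ux-live-component`, and search your component templates for `{{ attributes` to locate every place where the whole attribute set, or an object derived from it, is rendered with untrusted values.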