PT-2024-40395 · Unknown · Fosrestbundle
Published: 2024-05-15 · Updated: 2024-05-15
No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions
FOSRestBundle versions 1.2.0 through 1.2.1
Description
The JSONP handler incorrectly validates the name of the JSONP callback query parameter instead of its value. The issue affects users of the JSONP handler in FOSRestBundle.
Recommendations
For FOSRestBundle versions 1.2.0 and 1.2.1, update to FOSRestBundle version 1.2.2 to resolve the issue.
Affected Products
Fosrestbundle