pkg:Packagist/symfony/ux-live-component

所有已知漏洞

• MEDIUM6.1CVE-2025-47946Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
  from 0, < 2.25.1
• —CVE-2026-49215symfony/ux-live-component: CSRF Protection Bypass — Accept Header is CORS-Safelisted
  >= 2.22.0, < 2.36.0
• —CVE-2026-49212symfony/ux-live-component: LiveComponentHydrator HMAC checksum lacks component and slot binding
  >= 2.8.0, < 2.36.0
• —CVE-2026-49210symfony/ux-live-component: XSS via attacker-controlled child component tag
  >= 2.8.0, < 2.36.0
• —symfony/ux-live-component: Denial of service via unbounded batch action requests
  >= 2.5.0, < 2.36.0
• —ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor
  >= 2.8.0, < 2.36.0