CVE-2017-18343: Cross-site Scripting
The debug handler in Symfony has an XSS via an array key during exception pretty printing in `ExceptionHandler.php`, as demonstrated by a `/_debugbar/open?op=get` URI.
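A simplified illustration of the bug class described above, added here and not taken from Symfony's `ExceptionHandler.php`: an argument pretty printer that escapes array values but not string keys, next to the hardened behaviour. The function names and the sample array are constructed for this example.

```php
<?php
// Added illustration; not Symfony's code. Function names are hypothetical.

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders call arguments for an HTML error page. With $escapeKeys = false it
// reproduces the flaw: values are escaped, string array keys are emitted raw.
function formatArgs(array $args, bool $escapeKeys): string
{
    $out = [];
    foreach ($args as $key => $value) {
        if (is_array($value)) {
            $formatted = 'array(' . formatArgs($value, $escapeKeys) . ')';
        } elseif (is_scalar($value)) {
            $formatted = "'" . esc((string) $value) . "'";
        } else {
            $formatted = esc(gettype($value));
        }
        if (is_int($key)) {
            $out[] = $formatted;               // list position, no key to print
        } else {
            $shownKey = $escapeKeys ? esc($key) : $key;
            $out[] = sprintf("'%s' => %s", $shownKey, $formatted);
        }
    }
    return implode(', ', $out);
}

// Constructed sample: the markup sits in the keys, at two nesting levels.
$args = ['op' => 'get', '<b>k</b>' => ['nested<i>' => '<u>v</u>']];

$weak = formatArgs($args, false);
$safe = formatArgs($args, true);

echo "weak: $weak\n";
echo "safe: $safe\n";

// Regression check: no raw angle bracket may survive in the hardened output.
if (strpbrk($safe, '<>') !== false) {
    throw new RuntimeException('unescaped key reached the HTML output');
}
if (strpbrk($weak, '<>') === false) {
    throw new RuntimeException('sample no longer exercises the key path');
}
```

The same check works as a unit test for any error-page or debug renderer: feed it nested arrays whose keys contain markup and assert that the rendered output carries no raw `<` or `>`.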