mirror of
https://github.com/Sylius/Sylius.git
synced 2026-07-14 17:10:53 +00:00
Add md file with description ignored CVE and fix format (#18553)
| Q | A |-----------------|----- | Branch? | 1.14 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Related tickets | #18549 | License | MIT Details in file AUDIT-IGNORE.md
This commit is contained in:
commit
c7cb75f310
2 changed files with 21 additions and 1 deletions
15
AUDIT-IGNORE.md
Normal file
15
AUDIT-IGNORE.md
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# AUDIT-IGNORE
|
||||
|
||||
This document explains why specific advisories are added to `composer.json` → `config.audit.ignore`.
|
||||
|
||||
**PKSA-gs8r-6kz6-pp56** — `api-platform/core` CVE-2025-31485; affected versions < 3.4.17, 4.0.0–4.0.21, 4.1.0–4.1.4 are pulled by Sylius dependency constraints. GraphQL property security grant caching issue allows unauthorized access.
|
||||
https://www.cve.org/CVERecord?id=CVE-2025-31485
|
||||
|
||||
**PKSA-gnn4-pxdg-q76m** — `api-platform/core` CVE-2025-31481; same affected versions as above. GraphQL security bypass via Relay `node` type allows unauthorized entity access.
|
||||
https://www.cve.org/CVERecord?id=CVE-2025-31481
|
||||
|
||||
**PKSA-yhcn-xrg3-68b1** — `twig/twig` CVE-2024-45411; affected versions < 1.44.8, < 2.16.1, < 3.14.0 are pulled by Sylius dependency constraints. Sandbox security checks can be bypassed when templates are loaded in non-sandbox context before include().
|
||||
https://www.cve.org/CVERecord?id=CVE-2024-45411
|
||||
|
||||
**PKSA-2wrf-1xmk-1pky** — `twig/twig` CVE-2024-51755; affected versions < 3.11.2 or 3.12.0–3.14.0 are pulled by Sylius dependency constraints. Unguarded `__isset()` and array-access in sandbox allows attribute access on Array-like objects.
|
||||
https://www.cve.org/CVERecord?id=CVE-2024-51755
|
||||
|
|
@ -261,7 +261,12 @@
|
|||
"symfony/runtime": true
|
||||
},
|
||||
"audit": {
|
||||
"ignore": ["PKSA-gs8r-6kz6-pp56", "PKSA-gnn4-pxdg-q76m", "PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky"]
|
||||
"ignore": [
|
||||
"PKSA-gs8r-6kz6-pp56",
|
||||
"PKSA-gnn4-pxdg-q76m",
|
||||
"PKSA-yhcn-xrg3-68b1",
|
||||
"PKSA-2wrf-1xmk-1pky"
|
||||
]
|
||||
}
|
||||
},
|
||||
"extra": {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue