CVE-2026-45304
LOW SEVERITYVulnerability Description
Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
symfony/yaml
External References
- https://github.com/symfony/symfony/security/advisories/GHSA-4qpc-3hr4-r2p4
- https://github.com/symfony/symfony/commit/e77391b2e4f18821198f010d573674c8ed4a970a
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2026-45304.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/yaml/CVE-2026-45304.yaml
- https://symfony.com/cve-2026-45304
- https://github.com/advisories/GHSA-4qpc-3hr4-r2p4
Discussion (0)
Add Comment
No comments yet. Be the first!