Reference blog post for CVE-2021-41270

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-25 22:14:12 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-25 22:14:12 +0100
commit: cddda551f8fbf907dba50c6d4561ddc1648b4ce1 (patch)
tree: d56d9102ea8d96887d66c5c7b51962f2cc42efc6
parent: ab98563f1d781c904a2a60f1b1b32ec93b17d3cd (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 4d25ea4cc4..0f858d0515 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -6853,6 +6853,7 @@ CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data st
 	- symfony 4.4.19+dfsg-3
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
 	NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
+	NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas
 CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...)
 	NOT-FOR-US: cron-utils Java library
 CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-25 22:14:12 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-25 22:14:12 +0100
commit	cddda551f8fbf907dba50c6d4561ddc1648b4ce1 (patch)
tree	d56d9102ea8d96887d66c5c7b51962f2cc42efc6
parent	ab98563f1d781c904a2a60f1b1b32ec93b17d3cd (diff)