api-platform/hal Security Advisories for v4.2.17 (1)
-
[MEDIUM] API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate
PKSA-9wr7-4vnk-wwmr CVE-2026-49858 GHSA-pjhx-3c3w-9v23
Affected version: >=4.3.0,<4.3.8|>=4.2.0,<4.2.25|>=4.0.0,<4.1.29
Reported by:
GitHub