[CRITICAL] XML decoding attack vector through external entities

PKSA-ft85-yyfg-zynf GHSA-j68w-pg49-f6vx

Affected package: symfony/serializer

Affected version: >=2.0.0,<2.0.11

Reported by:
GitHub, FriendsOfPHP/security-advisories