[LOW] CVE-2026-45756: JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits: ReDoS

PKSA-rj1d-mpts-8wrt CVE-2026-45756 GHSA-8v8v-g73j-492j

Affected package: symfony/json-path

Affected version: >=7.3.0,<7.4.0|>=7.4.0,<7.4.12|>=8.0.0,<8.0.12

Reported by:
GitHub, FriendsOfPHP/security-advisories