** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before
v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array
key during exception pretty printing in ExceptionHandler.php, as
demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position
is that this is not a vulnerability because the debug tools are not
intended for production use. NOTE: the Symfony Debug component is used by
Laravel Debugbar.
Upstream:released (4.5.0+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.4.6+dfsg-1ubuntu0.1)
Ubuntu 19.10 (Eoan Ermine):not-affected (3.4.22+dfsg-1)
Ubuntu 20.04 (Focal Fossa):not-affected (3.4.22+dfsg-1)
More Information

Updated: 2020-01-29 18:47:36 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)