Someone has created bogus CVE reports for Symfony (CVE-2024-36611 and CVE-2024-36610).
You might experience warnings from `composer audit` or other tools about these bogus CVEs when using Symfony components <7.1.
These MUST BE IGNORED; the reports are NOT security issues.
We're trying to find out how we can solve this. If someone has experience with this, please let us know!
Fortunately, the biggest advisory databases in PHP have responded quickly, and the bogus Symfony security advisories have been withdrawn from Packagist, Roave and GitHub.
Hopefully this has mitigated the impact for all projects.
Thanks to everyone involved!