[MEDIUM] Missing output escaping for the null coalesce operator

PKSA-v3kg-5xkr-pykw CVE-2025-24374 GHSA-3xg3-cgvq-2xwr

Affected version: >=3.16.0,<3.19.0

Reported by:
GitHub, FriendsOfPHP/security-advisories