XML decoding attack vector through external entities

PKSA-ft85-yyfg-zynf

Affected package: symfony/serializer

Affected version: >=2.0.0,<2.0.11

Reported by:
FriendsOfPHP/security-advisories