Description
Symfony version(s) affected
v5.4.8
Description
When generating emails using twig-bridge, the main.css contains the following link, which is hosted on a domain that is considered malicious by CMC Threat Intelligence. This is causing emails to be mistakenly quarantined and not delivered to the end users.
The URL in question is https://raw.githubusercontent.com/foundation/foundation-emails/v2.2.1/dist/foundation-emails.css.
How to reproduce
If you go to https://www.virustotal.com/gui/url/cfee0ef7cfca28ccb91d3df257c043b45b23556c288d203d165d429811a1031f you will see that CMC Threat Intelligence does flag this as malicious. You will need to go to https://www.virustotal.com/gui/url/dce9ba69237bcd0d3c424e56b4d5126d3d8b35ee1d7d4d60fea7efb71efde92a/community to understand that it is flagged malicious due to being a repository of virus information.
Possible Solution
One way to resolve this issue is to remove the comment with the license information and the URL, and put it in a separate file that does not make its way into the email source code.
Additional Context
I have also contacted CMC Threat Intelligence asking for them to remove the flag on githubusercontent, but I suspect not much will come from that.
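An application-side check for the situation reported above, as an added example that is not part of the original issue and is not Symfony code: it lists URLs that sit inside CSS comments of a rendered email's `<style>` blocks and strips those comments before sending. The function names and the sample HTML are assumptions made for illustration; only the URL is taken from the report.

```php
<?php
// Added example. Function names are hypothetical; $html is a constructed sample.

/** Return URLs found inside CSS comments of <style> blocks in rendered email HTML. */
function urlsInCssComments(string $html): array
{
    $urls = [];
    preg_match_all('~<style\b[^>]*>(.*?)</style>~is', $html, $styles);
    foreach ($styles[1] as $css) {
        preg_match_all('~/\*.*?\*/~s', $css, $comments);
        foreach ($comments[0] as $comment) {
            preg_match_all('~https?://[^\s*"\'<>)]+~i', $comment, $m);
            $urls = array_merge($urls, $m[0]);
        }
    }
    return array_values(array_unique($urls));
}

/** Drop CSS comments that carry a URL; rules and URL-free comments are kept. */
function stripUrlComments(string $html): string
{
    return preg_replace_callback(
        '~(<style\b[^>]*>)(.*?)(</style>)~is',
        static function (array $m): string {
            $css = preg_replace_callback(
                '~/\*.*?\*/~s',
                static fn (array $c): string => preg_match('~https?://~i', $c[0]) ? '' : $c[0],
                $m[2]
            ) ?? $m[2];
            return $m[1] . $css . $m[3];
        },
        $html
    ) ?? $html;
}

// Constructed sample of a rendered email body with a license comment in its CSS.
$html = <<<HTML
<html><head><style>
/* Copyright notice, see
 * https://raw.githubusercontent.com/foundation/foundation-emails/v2.2.1/dist/foundation-emails.css */
/* layout */
body { margin: 0; background: url("https://example.test/bg.png"); }
</style></head><body><p>Hello</p></body></html>
HTML;

print_r(urlsInCssComments($html));   // only the URL inside the comment is reported
echo stripUrlComments($html);        // "/* layout */" and the body rule remain
```

The pattern treats any `/* ... */` span as a comment, so a CSS string literal containing `/*` would be misread; the attribution text that is stripped should be kept in a file shipped alongside the code, as the report suggests.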