CVE-2020-5218 Sylius allows unauthorized channel switching via _channel_code GET parameter
Reporter | Title | Published | Views | Family All 9 |
---|---|---|---|---|
Veracode | Unauthorized Channel Switching | 3 Feb 202013:16 | – | veracode |
Github Security Blog | Ability to switch channels via GET parameter enabled in production environments | 31 Jan 202018:00 | – | github |
Cvelist | CVE-2020-5218 Ability in Sylius to switch channels via GET parameter enabled in production environments | 27 Jan 202020:25 | – | cvelist |
NVD | CVE-2020-5218 | 27 Jan 202021:15 | – | nvd |
Prion | Design/Logic Flaw | 27 Jan 202021:15 | – | prion |
OSV | CVE-2020-5218 | 27 Jan 202021:15 | – | osv |
OSV | CVE-2020-5220 | 27 Jan 202021:15 | – | osv |
OSV | Ability to expose data in Sylius by using an unintended serialisation group | 31 Jan 202018:00 | – | osv |
OSV | Ability to switch channels via GET parameter enabled in production environments | 31 Jan 202018:00 | – | osv |
[
{
"product": "Sylius",
"vendor": "Sylius",
"versions": [
{
"status": "affected",
"version": "< 1.3.13"
},
{
"status": "affected",
"version": ">= 1.4.0, < 1.4.6"
},
{
"status": "affected",
"version": ">= 1.5.0, < 1.5.1"
},
{
"status": "affected",
"version": ">= 1.6.0, < 1.6.3"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo