Lucene search
GoogleOSV:CVE-2020-15146HistoryAug 20, 2020 - 1:17 a.m.
CVE-2020-15146
2020-08-2001:17:12
Google
osv.dev
5
cve-2020-15146
syliusresourcebundle
remote code execution
patched
symfony/expression-language
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven’t been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
Related
osv
osv
Remote Code Execution in SyliusResourceBundle
2020-08-19 19:52:30
cve
cve
CVE-2020-15146
2020-08-20 01:17:12
friendsofphp
friendsofphp
cvelist
cvelist
CVE-2020-15146 Remote Code Execution in SyliusResourceBundle
2020-08-19 20:20:12
veracode
veracode
Remote Code Execution (RCE)
2020-08-20 01:41:52
github
github
Remote Code Execution in SyliusResourceBundle
2020-08-19 19:52:30
prion
prion
Remote code execution
2020-08-20 01:17:00
nvd
nvd
CVE-2020-15146
2020-08-20 01:17:12