6 matches found
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
CVE-2020-15146 affects SyliusResourceBundle used with Symfony. The vulnerability occurs when request parameters are injected into expressions evaluated by the Symfony expression-language, allowing an attacker to access public services and perform Remote Code Execution. Affected versions are
CVE-2020-15146 Remote Code Execution in SyliusResourceBundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...