EUVD-2016-1015

Malware in sbrugna...

EUVD-2020-0257

Malware in sbrugna...

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

Cross-site Request Forgery (CSRF)

sylius/resource-bundle is vulnerable to a Cross-Site Request Forgery. The vulnerability is due to the absence of proper validation and insufficient CSRF protection for actions such as marking order payments or product reviews in the AdminBundle and ResourceBundle. This allowing attackers to perfo...

GHSA-945H-6VCV-PC8H Sylius Admin Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

Sylius Admin Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

Sylius Resource Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description The following actions in the admi...

fundamentalfocus.net Cross Site Scripting vulnerability OBB-3459284

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

butt.nz Cross Site Scripting vulnerability OBB-1457816

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Sylius Injection Vulnerability

Sylius is a Polish company Sylius set of open source e-commerce platform based on the Symfony framework . An injection vulnerability exists in Sylius ResourceBundle, which stems from the program's failure to properly handle request parameters. An attacker can exploit the vulnerability to execute...

Sylius ResourceBundle Information Disclosure Vulnerability

Sylius is a set of Symfony framework based on open source e-commerce platform . An information disclosure vulnerability exists in Sylius ResourceBundle. The vulnerability stems from a configuration or other error in the operation of a network system or product. An unauthorized attacker can exploi...

Ability to expose data in Sylius by using an unintended serialisation group

Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

Design/Logic Flaw

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

CVE-2020-5220

Sylius ResourceBundle has a vulnerability where it accepts and uses any serialization groups via an HTTP header, potentially exposing data by using an unintended serialization group (e.g., a permissive group from Admin API in Shop API). Affected products are Sylius ResourceBundle components, with...

CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...

CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...

Design/Logic Flaw

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...

CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...