Syliusresourcebundle Security Vulnerabilities and Issues — Syliusresourcebundle CVE List

Lucene search

SyliusSyliusresourcebundle

3 matches found

CVE•added 2020/08/20 1:17 a.m.•73 views

CVE-2020-15146

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, al...

9.6CVSS8.9AI score0.01092EPSS

CVE•added 2020/08/20 1:17 a.m.•70 views

CVE-2020-15143

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, a...

8.8CVSS8.4AI score0.01092EPSS

CVE•added 2020/01/27 9:15 p.m.•51 views

CVE-2020-5220

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's c...

5.3CVSS4.6AI score0.00323EPSS