Vulnerabilities > Sylius

DATE CVE VULNERABILITY TITLE RISK
2020-08-20 CVE-2020-15143 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by the `symfony/expression-language` package were not sanitized properly.
network
low complexity
sylius CWE-917
8.8
2020-01-27 CVE-2020-5220 Information Exposure vulnerability in Sylius Syliusresourcebundle
Sylius ResourceBundle accepts and uses any serialisation groups passed via an HTTP header.
network
low complexity
sylius CWE-200
5.3
2020-01-27 CVE-2020-5218 HTTP Request Smuggling vulnerability in Sylius
Affected versions of Sylius give attackers the ability to switch channels via the `_channel_code` GET parameter in production environments.
network
low complexity
sylius CWE-444
4.3
2019-12-31 CVE-2019-12186 Cross-site Scripting vulnerability in Sylius Grid and Sylius
An issue was discovered in Sylius products.
network
low complexity
sylius CWE-79
4.8
2019-12-05 CVE-2019-16768 Information Exposure Through an Error Message vulnerability in Sylius
In affected versions of Sylius, exception messages from internal exceptions (such as database exceptions) are wrapped by `\Symfony\Component\Security\Core\Exception\AuthenticationServiceException` and propagated through the system to the UI.
network
low complexity
sylius CWE-209
4.3