Vulnerabilities > Sylius
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-20 | CVE-2020-15143 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |
2020-01-27 | CVE-2020-5220 | Information Exposure vulnerability in Sylius Syliusresourcebundle Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. | 5.3 |
2020-01-27 | CVE-2020-5218 | HTTP Request Smuggling vulnerability in Sylius Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. | 4.3 |
2019-12-31 | CVE-2019-12186 | Cross-site Scripting vulnerability in Sylius Grid and Sylius An issue was discovered in Sylius products. | 4.8 |
2019-12-05 | CVE-2019-16768 | Information Exposure Through an Error Message vulnerability in Sylius In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. | 4.3 |