Vulnerabilities > Sylius > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2022-24743 Insufficient Session Expiration vulnerability in Sylius
Sylius is an open source eCommerce platform.
network
low complexity
sylius CWE-613
8.2
8.2
2020-08-20 CVE-2020-15146 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
8.8
8.8
2020-08-20 CVE-2020-15143 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
8.8
8.8