Vulnerabilities > Sylius > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2020-5218 | HTTP Request Smuggling vulnerability in Sylius Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. | 4.0 |
| 2019-12-05 | CVE-2019-16768 | Information Exposure Through an Error Message vulnerability in Sylius In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. | 4.0 |