Vulnerabilities > Sylius > Syliusresourcebundle

DATE CVE VULNERABILITY TITLE RISK
2020-08-20 CVE-2020-15146 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
6.5
2020-08-20 CVE-2020-15143 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
6.5
2020-01-27 CVE-2020-5220 Information Exposure vulnerability in Sylius Syliusresourcebundle
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header.
network
low complexity
sylius CWE-200
5.0