Vulnerabilities > Sylius > Syliusresourcebundle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-20 | CVE-2020-15146 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 6.5 |
| 2020-08-20 | CVE-2020-15143 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 6.5 |
| 2020-01-27 | CVE-2020-5220 | Information Exposure vulnerability in Sylius Syliusresourcebundle Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. | 5.0 |