Skip to main content

Syliusresourcebundle

3 CVEs product

Monthly

CVE-2020-15146 PHP HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-15143 PHP HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-5220 PHP MEDIUM PATCH This Month

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Syliusresourcebundle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Syliusresourcebundle
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Syliusresourcebundle
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy