sylius/resource-bundle
Packagist
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting sylius/resource-bundle (page 1 of 1)
- CVE-2020-15143 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 1.3.14 | 2020-08-20
vulnerable: v1.0.0 ... v1.3.9 (73 versions)
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to acces…
- CVE-2020-15146 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 1.3.14 | 2020-08-20
vulnerable: v1.0.0 ... v1.3.9 (73 versions)
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access…
- CVE-2020-5220 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 1.3.13 | 2020-01-27
vulnerable: v1.0.0 ... v1.3.9 (72 versions)
Sylius ResourceBundle accepts and uses any serialisation groups to be passed via an HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group fr…