sylius/resource-bundle Security Advisories for v1.1.0-RC (4)
- [MEDIUM] Sylius Resource Bundle Cross-Site Request Forgery vulnerability
  PKSA-45k9-b5qk-x2c8 GHSA-65v7-wg35-2qpm
  Affected version: >=1.2.0,<1.2.2|>=1.1.0,<1.1.9|>=1.0.0,<1.0.17
  Reported by: GitHub
- [HIGH] CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language
  PKSA-g5n4-6393-snd5 CVE-2020-15143 GHSA-p4pj-9g59-4ppv
  Affected version: >=1.0.0,<1.1.0|>=1.1.0,<1.2.0|>=1.2.0,<1.3.0|>=1.3.0,<1.3.14|>=1.4.0,<1.4.7|>=1.5.0,<1.5.2|>=1.6.0,<1.6.4
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [CRITICAL] CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language
  PKSA-zrph-6p15-pg8w CVE-2020-15146 GHSA-h6m7-j4h3-9rf5
  Affected version: >=1.0.0,<1.1.0|>=1.1.0,<1.2.0|>=1.2.0,<1.3.0|>=1.3.0,<1.3.14|>=1.4.0,<1.4.7|>=1.5.0,<1.5.2|>=1.6.0,<1.6.4
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure
  PKSA-sjsn-7352-ttw3 CVE-2020-5220 GHSA-8vp7-j5cj-vvm2
  Affected version: >=1.0.0,<1.1.0|>=1.1.0,<1.2.0|>=1.2.0,<1.3.0|>=1.3.0,<1.3.13|>=1.4.0,<1.4.6|>=1.5.0,<1.5.1|>=1.6.0,<1.6.3
  Reported by: GitHub, FriendsOfPHP/security-advisories