[CRITICAL] CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

PKSA-zrph-6p15-pg8w CVE-2020-15146 GHSA-h6m7-j4h3-9rf5

Affected package: sylius/resource-bundle

Affected version: >=1.0.0,<1.1.0|>=1.1.0,<1.2.0|>=1.2.0,<1.3.0|>=1.3.0,<1.3.14|>=1.4.0,<1.4.7|>=1.5.0,<1.5.2|>=1.6.0,<1.6.4

Reported by:
GitHub, FriendsOfPHP/security-advisories