Security Advisory

CVE-2020-15143

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-08-19 20:40:12

Last updated 2024-08-04 13:08:22

Assigner GitHub_M

State PUBLISHED

Description

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package havent been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.

← Browse all CVEs View on cve.org ↗