Lookup for vulnerable packages by Package URL.

Purl pkg:composer/sylius/resource-bundle@1.0.6
Type composer
Namespace sylius
Name resource-bundle
Version 1.0.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.3.14
Latest_non_vulnerable_version 1.6.4
Affected_by_vulnerabilities
0
url VCID-5a1s-8e8c-qkdx
vulnerability_id VCID-5a1s-8e8c-qkdx
summary
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue.

This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/2018-07-09.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/2018-07-09.yaml
1
reference_url https://github.com/Sylius/SyliusResourceBundle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle
2
reference_url https://github.com/Sylius/SyliusResourceBundle/commit/9720ac5a0a39ea2c2a395ef16a94a00aa86c418b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/commit/9720ac5a0a39ea2c2a395ef16a94a00aa86c418b
3
reference_url https://sylius.com/blog/csrf-vulnerability-in-admin-panel
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sylius.com/blog/csrf-vulnerability-in-admin-panel
4
reference_url https://github.com/advisories/GHSA-65v7-wg35-2qpm
reference_id GHSA-65v7-wg35-2qpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-65v7-wg35-2qpm
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.0.17
purl pkg:composer/sylius/resource-bundle@1.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
2
vulnerability VCID-ywcd-9aje-jqa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.0.17
1
url pkg:composer/sylius/resource-bundle@1.1.9
purl pkg:composer/sylius/resource-bundle@1.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
2
vulnerability VCID-ywcd-9aje-jqa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.1.9
2
url pkg:composer/sylius/resource-bundle@1.2.2
purl pkg:composer/sylius/resource-bundle@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
2
vulnerability VCID-ywcd-9aje-jqa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.2.2
aliases GHSA-65v7-wg35-2qpm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5a1s-8e8c-qkdx
1
url VCID-g1vh-b6q7-1ya7
vulnerability_id VCID-g1vh-b6q7-1ya7
summary
Injection Vulnerability
In SyliusResourceBundle, request parameters injected inside an expression evaluated by the `symfony/expression-language` package haven't been sanitized properly. This allows an attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15146
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.7804
published_at 2026-06-05T12:55:00Z
1
value 0.01064
scoring_system epss
scoring_elements 0.78012
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15146
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15146.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15146.yaml
2
reference_url https://github.com/Sylius/SyliusResourceBundle
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle
3
reference_url https://github.com/Sylius/SyliusResourceBundle/commit/73d9aba182947473a5935b31caf65ca263091e00
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/commit/73d9aba182947473a5935b31caf65ca263091e00
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15146
reference_id CVE-2020-15146
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15146
6
reference_url https://github.com/advisories/GHSA-h6m7-j4h3-9rf5
reference_id GHSA-h6m7-j4h3-9rf5
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h6m7-j4h3-9rf5
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.14
purl pkg:composer/sylius/resource-bundle@1.3.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.14
1
url pkg:composer/sylius/resource-bundle@1.4.7
purl pkg:composer/sylius/resource-bundle@1.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.7
2
url pkg:composer/sylius/resource-bundle@1.5.2
purl pkg:composer/sylius/resource-bundle@1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.2
3
url pkg:composer/sylius/resource-bundle@1.6.4
purl pkg:composer/sylius/resource-bundle@1.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.4
aliases CVE-2020-15146, GHSA-h6m7-j4h3-9rf5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1vh-b6q7-1ya7
2
url VCID-q8qd-8pyx-jyaa
vulnerability_id VCID-q8qd-8pyx-jyaa
summary
Injection Vulnerability
In SyliusResourceBundle, request parameters injected inside an expression evaluated by the `symfony/expression-language` package haven't been sanitized properly. This allows an attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15143
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.7804
published_at 2026-06-05T12:55:00Z
1
value 0.01064
scoring_system epss
scoring_elements 0.78012
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15143
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15143.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15143.yaml
2
reference_url https://github.com/Sylius/SyliusResourceBundle
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle
3
reference_url https://github.com/Sylius/SyliusResourceBundle/commit/73ed8b8bb083f36c30ad7c3cec336f65d6a80650
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/commit/73ed8b8bb083f36c30ad7c3cec336f65d6a80650
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15143
reference_id CVE-2020-15143
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15143
6
reference_url https://github.com/advisories/GHSA-p4pj-9g59-4ppv
reference_id GHSA-p4pj-9g59-4ppv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4pj-9g59-4ppv
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.14
purl pkg:composer/sylius/resource-bundle@1.3.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.14
1
url pkg:composer/sylius/resource-bundle@1.4.7
purl pkg:composer/sylius/resource-bundle@1.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.7
2
url pkg:composer/sylius/resource-bundle@1.5.2
purl pkg:composer/sylius/resource-bundle@1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.2
3
url pkg:composer/sylius/resource-bundle@1.6.4
purl pkg:composer/sylius/resource-bundle@1.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.4
aliases CVE-2020-15143, GHSA-p4pj-9g59-4ppv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qd-8pyx-jyaa
3
url VCID-ywcd-9aje-jqa6
vulnerability_id VCID-ywcd-9aje-jqa6
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Affected versions of Sylius give attackers the ability to switch channels via the `_channel_code` GET parameter in production environments. This was meant to be enabled only when `kernel.debug` is set to `true`. However, if `sylius_channel.debug` is not set explicitly in the configuration, the default value, which is `kernel.debug`, will not be resolved and will be cast to boolean, enabling this debug feature even if that parameter is set to `false`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5218
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54056
published_at 2026-06-04T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.54112
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5218
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5220
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.5572
published_at 2026-06-05T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55663
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5220
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-5220.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-5220.yaml
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2
5
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-prg5-hg25-8grq
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/security/advisories/GHSA-prg5-hg25-8grq
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5218
reference_id CVE-2020-5218
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5218
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5220
reference_id CVE-2020-5220
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5220
8
reference_url https://github.com/advisories/GHSA-8vp7-j5cj-vvm2
reference_id GHSA-8vp7-j5cj-vvm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vp7-j5cj-vvm2
9
reference_url https://github.com/advisories/GHSA-prg5-hg25-8grq
reference_id GHSA-prg5-hg25-8grq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prg5-hg25-8grq
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.13
purl pkg:composer/sylius/resource-bundle@1.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.13
1
url pkg:composer/sylius/resource-bundle@1.4.6
purl pkg:composer/sylius/resource-bundle@1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.6
2
url pkg:composer/sylius/resource-bundle@1.5.1
purl pkg:composer/sylius/resource-bundle@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.1
3
url pkg:composer/sylius/resource-bundle@1.6.3
purl pkg:composer/sylius/resource-bundle@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.3
aliases CVE-2020-5218, CVE-2020-5220, GHSA-8vp7-j5cj-vvm2, GHSA-prg5-hg25-8grq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywcd-9aje-jqa6
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.0.6