Lookup for vulnerable packages by Package URL.

Purl pkg:composer/sylius/resource-bundle@1.3.5
Type composer
Namespace sylius
Name resource-bundle
Version 1.3.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.3.14
Latest_non_vulnerable_version 1.6.4
Affected_by_vulnerabilities
0
url VCID-g1vh-b6q7-1ya7
vulnerability_id VCID-g1vh-b6q7-1ya7
summary
Injection Vulnerability
In SyliusResourceBundle, request parameters injected inside an expression evaluated by the `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15146
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.78012
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15146
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15146.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15146.yaml
2
reference_url https://github.com/Sylius/SyliusResourceBundle
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle
3
reference_url https://github.com/Sylius/SyliusResourceBundle/commit/73d9aba182947473a5935b31caf65ca263091e00
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/commit/73d9aba182947473a5935b31caf65ca263091e00
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15146
reference_id CVE-2020-15146
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15146
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.14
purl pkg:composer/sylius/resource-bundle@1.3.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.14
1
url pkg:composer/sylius/resource-bundle@1.4.7
purl pkg:composer/sylius/resource-bundle@1.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.7
2
url pkg:composer/sylius/resource-bundle@1.5.2
purl pkg:composer/sylius/resource-bundle@1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.2
3
url pkg:composer/sylius/resource-bundle@1.6.4
purl pkg:composer/sylius/resource-bundle@1.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.4
aliases CVE-2020-15146, GHSA-h6m7-j4h3-9rf5
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1vh-b6q7-1ya7
1
url VCID-q8qd-8pyx-jyaa
vulnerability_id VCID-q8qd-8pyx-jyaa
summary
Injection Vulnerability
In SyliusResourceBundle, request parameters injected inside an expression evaluated by the `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15143
reference_id
reference_type
scores
0
value 0.01064
scoring_system epss
scoring_elements 0.78012
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15143
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15143.yaml
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15143.yaml
2
reference_url https://github.com/Sylius/SyliusResourceBundle
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle
3
reference_url https://github.com/Sylius/SyliusResourceBundle/commit/73ed8b8bb083f36c30ad7c3cec336f65d6a80650
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/commit/73ed8b8bb083f36c30ad7c3cec336f65d6a80650
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15143
reference_id CVE-2020-15143
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15143
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.14
purl pkg:composer/sylius/resource-bundle@1.3.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.14
1
url pkg:composer/sylius/resource-bundle@1.4.7
purl pkg:composer/sylius/resource-bundle@1.4.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.7
2
url pkg:composer/sylius/resource-bundle@1.5.2
purl pkg:composer/sylius/resource-bundle@1.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.2
3
url pkg:composer/sylius/resource-bundle@1.6.4
purl pkg:composer/sylius/resource-bundle@1.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.4
aliases CVE-2020-15143, GHSA-p4pj-9g59-4ppv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8qd-8pyx-jyaa
2
url VCID-ywcd-9aje-jqa6
vulnerability_id VCID-ywcd-9aje-jqa6
summary
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Affected versions of Sylius give attackers the ability to switch channels via the `_channel_code` GET parameter in production environments. This was meant to be enabled only when `kernel.debug` is set to `true`. However, if `sylius_channel.debug` is not set explicitly in the configuration, the default value, which is `kernel.debug`, will not be resolved and will be cast to boolean, enabling this debug feature even if that parameter is set to `false`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5218
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54056
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5218
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5220
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55663
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5220
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-5220.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/sylius/CVE-2020-5220.yaml
4
reference_url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2
5
reference_url https://github.com/Sylius/Sylius/security/advisories/GHSA-prg5-hg25-8grq
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Sylius/Sylius/security/advisories/GHSA-prg5-hg25-8grq
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5218
reference_id CVE-2020-5218
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5218
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5220
reference_id CVE-2020-5220
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5220
fixed_packages
0
url pkg:composer/sylius/resource-bundle@1.3.13
purl pkg:composer/sylius/resource-bundle@1.3.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.13
1
url pkg:composer/sylius/resource-bundle@1.4.6
purl pkg:composer/sylius/resource-bundle@1.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.4.6
2
url pkg:composer/sylius/resource-bundle@1.5.1
purl pkg:composer/sylius/resource-bundle@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.5.1
3
url pkg:composer/sylius/resource-bundle@1.6.3
purl pkg:composer/sylius/resource-bundle@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g1vh-b6q7-1ya7
1
vulnerability VCID-q8qd-8pyx-jyaa
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.6.3
aliases CVE-2020-5218, CVE-2020-5220, GHSA-8vp7-j5cj-vvm2, GHSA-prg5-hg25-8grq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ywcd-9aje-jqa6
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/sylius/resource-bundle@1.3.5