Search for packages
| purl | pkg:composer/sylius/resource-bundle@1.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5a1s-8e8c-qkdx
Aliases: GHSA-65v7-wg35-2qpm |
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-g1vh-b6q7-1ya7
Aliases: CVE-2020-15146 GHSA-h6m7-j4h3-9rf5 |
Injection Vulnerability In SyliusResourceBundle request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-q8qd-8pyx-jyaa
Aliases: CVE-2020-15143 GHSA-p4pj-9g59-4ppv |
Injection Vulnerability In SyliusResourceBundle request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ywcd-9aje-jqa6
Aliases: CVE-2020-5218 CVE-2020-5220 GHSA-8vp7-j5cj-vvm2 GHSA-prg5-hg25-8grq |
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Affected versions of Sylius give attackers the ability to switch channels via the `_channel_code` GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to `true`. However, if no `sylius_channel.debug` is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to `false`. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:34:22.088173+00:00 | GitLab Importer | Affected by | VCID-q8qd-8pyx-jyaa | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sylius/resource-bundle/CVE-2020-15143.yml | 38.6.0 |
| 2026-06-04T20:34:21.074287+00:00 | GitLab Importer | Affected by | VCID-g1vh-b6q7-1ya7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sylius/resource-bundle/CVE-2020-15146.yml | 38.6.0 |
| 2026-06-04T20:26:41.961178+00:00 | GitLab Importer | Affected by | VCID-ywcd-9aje-jqa6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sylius/resource-bundle/CVE-2020-5220.yml | 38.6.0 |
| 2026-06-04T16:21:48.021824+00:00 | GitLab Importer | Affected by | VCID-5a1s-8e8c-qkdx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/sylius/resource-bundle/GHSA-65v7-wg35-2qpm.yml | 38.6.0 |