Sylius Syliusresourcebundle — known CVE vulnerabilities
Every CVE whose affected-product data names Sylius Syliusresourcebundle, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-15146 — CVSS 9.6 (critical): In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by…
CVE-2020-15143 — CVSS 7.7 (high): In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by…
CVE-2020-5220 — CVSS 4.4 (medium): Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using…