{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T21:31:21.850","vulnerabilities":[{"cve":{"id":"CVE-2019-16768","sourceIdentifier":"security-advisories@github.com","published":"2019-12-05T20:15:09.997","lastModified":"2024-11-21T04:31:09.083","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \\Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3."},{"lang":"es","value":"Unos mensajes de excepción de las excepciones internas (como la excepción de la base de datos) están empaquetados por \\Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException y se propagan por medio del sistema a la Interfaz de Usuario. Por lo tanto, algo de la información interna del sistema puede filtrarse y ser visible para el cliente. Un mensaje de comprobación con los detalles de la excepción será presentado al usuario cuando uno intentase iniciar sesión en la tienda."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-209"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-209"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.14","matchCriteriaId":"775912B0-A604-4155-AADD-870B1E3F9519"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.10","matchCriteriaId":"DC5C9FB3-982A-463A-B9D6-E51CC6299DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.5.7","matchCriteriaId":"76962E39-CE3E-4406-84D3-904127B845B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndExcluding":"1.6.3","matchCriteriaId":"6433D719-0A14-42DA-8F34-4EAEAE6AB71B"}]}]}],"references":[{"url":"https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945f","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2h","source":"security-advisories@github.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}