{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T13:55:06.315","vulnerabilities":[{"cve":{"id":"CVE-2020-15143","sourceIdentifier":"security-advisories@github.com","published":"2020-08-20T01:17:11.993","lastModified":"2024-11-21T05:04:56.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched."},{"lang":"es","value":"En SyliusResourceBundle anterior a las versiones 1.3.14, 1.4.7, 1.5.2 y 1.6.4, los parámetros de petición inyectados dentro de una expresión evaluada por el paquete \"symfony/expression-language\" no se han saneado correctamente. Esto permite al atacante acceder a cualquier servicio público manipulando ese parámetro de petición, lo que permite una ejecución de código remota. Este problema se ha corregido para las versiones 1.3.14, 1.4.7, 1.5.2 y 1.6.4. Las versiones anteriores a la 1.3 no fueron parcheadas."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.13","matchCriteriaId":"659F611E-A675-4348-9357-9E72660C4540"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndIncluding":"1.4.6","matchCriteriaId":"324A47C4-D629-406D-993C-FD6180FEA3AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndIncluding":"1.5.1","matchCriteriaId":"2BDCA031-1860-4F18-8EAB-E1776574DB2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndIncluding":"1.6.3","matchCriteriaId":"04F7B07A-DE47-4D3C-88E4-51F01D91A4E5"}]}]}],"references":[{"url":"https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}