sylius/sylius Security Advisories for v0.15.0 (5)
-
[MEDIUM] Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
PKSA-bdq8-12rq-1jxx CVE-2022-24749 GHSA-4qrp-27r3-66fj
Affected version: >=1.11.0,<1.11.2|>=1.10.0,<1.10.11|<1.9.10
Reported by:
GitHub -
[MEDIUM] Sensitive Information Exposure in Sylius
PKSA-4y6p-d93g-pxdh CVE-2022-24742 GHSA-7563-75j9-6h5p
Affected version: >=1.11,<1.11.2|>=1.10,<1.10.11|<1.9.10
Reported by:
GitHub -
[MEDIUM] Improper Restriction of Rendered UI Layers or Frames in Sylius
PKSA-ftgj-pjx7-dswf CVE-2022-24733 GHSA-4jp3-q2qm-9fmw
Affected version: >=1.11.0,<1.11.2|>=1.10.0,<1.10.11|<1.9.10
Reported by:
GitHub -
[LOW] Ability to switch channels via GET parameter enabled in production environments
PKSA-3b3k-ptfz-1wwy CVE-2020-5218 GHSA-prg5-hg25-8grq
Affected version: >=1.6.0,<1.6.5|>=1.5,<1.5.9|>=1.4.0,<1.4.12|<1.3.16
Reported by:
GitHub -
[LOW] Internal exception message exposure for login action in Sylius
PKSA-5fvz-8hqw-qw9z CVE-2019-16768 GHSA-3r8j-pmch-5j2h
Affected version: >=1.6.0,<1.6.3|>=1.5.0,<1.5.7|>=1.4.0,<1.4.10|<1.3.14
Reported by:
GitHub