CVE-2020-15146

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5	Exploit Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::

History

18 Nov 2021, 18:33

Type	Values Removed	Values Added
CWE	~~CWE-74~~	CWE-917

Information

Published : 2020-08-20 01:17

Updated : 2023-12-10 13:27

NVD link : CVE-2020-15146

Mitre link : CVE-2020-15146

CVE.ORG link : CVE-2020-15146

JSON object : View

Products Affected

sylius

syliusresourcebundle

CWE

CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2020-15146", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.1}]}, "published": "2020-08-20T01:17:12.197", "references": [{"url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-917"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched."}, {"lang": "es", "value": "En SyliusResourceBundle versiones anteriores a 1.3.14, 1.4.7, 1.5.2 y 1.6.4, los par\u00e1metros de petici\u00f3n inyectados dentro de una expresi\u00f3n evaluada por el paquete \"symfony/expression-language\" no han sido saneadas apropiadamente. Esto permite al atacante acceder a cualquier servicio p\u00fablico mediante la manipulaci\u00f3n de ese par\u00e1metro de petici\u00f3n permitiendo una ejecuci\u00f3n de c\u00f3digo remota . Este problema ha sido corregido para las versiones 1.3.14, 1.4.7, 1.5.2 y 1.6.4. Las versiones anteriores a la 1.3 no fueron parcheadas."}], "lastModified": "2021-11-18T18:33:42.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "659F611E-A675-4348-9357-9E72660C4540", "versionEndIncluding": "1.3.13"}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324A47C4-D629-406D-993C-FD6180FEA3AE", "versionEndIncluding": "1.4.6", "versionStartIncluding": "1.4.0"}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BDCA031-1860-4F18-8EAB-E1776574DB2C", "versionEndIncluding": "1.5.1", "versionStartIncluding": "1.5.0"}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04F7B07A-DE47-4D3C-88E4-51F01D91A4E5", "versionEndIncluding": "1.6.3", "versionStartIncluding": "1.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}