CVE-2020-15146 - OpenCVE

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sylius	Syliusresourcebundle

Configuration 1 [-]

OR	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::
	cpe:2.3:a:sylius:syliusresourcebundle::::::::

No data.

References

Link	Providers
https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-08-19T20:20:12

Updated: 2024-08-04T13:08:22.235Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15146

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-20T01:17:12.197

Modified: 2021-11-18T18:33:42.340

Link: CVE-2020-15146

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SyliusResourceBundle", "vendor": "Sylius", "versions": [{"status": "affected", "version": "< 1.3.14"}, {"status": "affected", "version": ">= 1.4.0 , < 1.4.7"}, {"status": "affected", "version": ">= 1.5.0, < 1.5.2"}, {"status": "affected", "version": ">= 1.6.0, < 1.6.4"}]}], "descriptions": [{"lang": "en", "value": "In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-19T20:20:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5"}], "source": {"advisory": "GHSA-h6m7-j4h3-9rf5", "discovery": "UNKNOWN"}, "title": "Remote Code Execution in SyliusResourceBundle", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15146", "STATE": "PUBLIC", "TITLE": "Remote Code Execution in SyliusResourceBundle"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SyliusResourceBundle", "version": {"version_data": [{"version_value": "< 1.3.14"}, {"version_value": ">= 1.4.0 , < 1.4.7"}, {"version_value": ">= 1.5.0, < 1.5.2"}, {"version_value": ">= 1.6.0, < 1.6.4"}]}}]}, "vendor_name": "Sylius"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5", "refsource": "CONFIRM", "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5"}]}, "source": {"advisory": "GHSA-h6m7-j4h3-9rf5", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.235Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15146", "datePublished": "2020-08-19T20:20:12", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.235Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "659F611E-A675-4348-9357-9E72660C4540", "versionEndIncluding": "1.3.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "324A47C4-D629-406D-993C-FD6180FEA3AE", "versionEndIncluding": "1.4.6", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BDCA031-1860-4F18-8EAB-E1776574DB2C", "versionEndIncluding": "1.5.1", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sylius:syliusresourcebundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "04F7B07A-DE47-4D3C-88E4-51F01D91A4E5", "versionEndIncluding": "1.6.3", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched."}, {"lang": "es", "value": "En SyliusResourceBundle versiones anteriores a 1.3.14, 1.4.7, 1.5.2 y 1.6.4, los par\u00e1metros de petici\u00f3n inyectados dentro de una expresi\u00f3n evaluada por el paquete \"symfony/expression-language\" no han sido saneadas apropiadamente. Esto permite al atacante acceder a cualquier servicio p\u00fablico mediante la manipulaci\u00f3n de ese par\u00e1metro de petici\u00f3n permitiendo una ejecuci\u00f3n de c\u00f3digo remota . Este problema ha sido corregido para las versiones 1.3.14, 1.4.7, 1.5.2 y 1.6.4. Las versiones anteriores a la 1.3 no fueron parcheadas."}], "id": "CVE-2020-15146", "lastModified": "2021-11-18T18:33:42.340", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-08-20T01:17:12.197", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-917"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}