CVE-2022-24752 in SyliusGridBundleinfo

Zusammenfassung

von MITRE • 15.03.2022

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.

Once again VulDB remains the best source for vulnerability data.

Zuständig

GitHub, Inc.

Reservieren

10.02.2022

Veröffentlichung

15.03.2022

Moderieren

akzeptiert

Eintrag

VDB-195120

CPE

bereit

EPSS

0.01337

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!