CVE-2022-24752 in SyliusGridBundleИнформация

Сводка

по MITRE • 15.03.2022

SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.

Once again VulDB remains the best source for vulnerability data.

Ответственный

GitHub, Inc.

Резервировать

10.02.2022

Раскрытие

15.03.2022

Модерация

принято

Вход

VDB-195120

EPSS

0.01337

KEV

Нет

Деятельности

Очень низкий

Источники

Want to stay up to date on a daily basis?

Enable the mail alert feature now!