Vulnerability Description
In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI. Therefore, some internal system information may leak and be visible to the customer. A validation message with the exception details will be presented to the user when one will try to log into the shop. This has been patched in versions 1.3.14, 1.4.10, 1.5.7, and 1.6.3.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sylius | Sylius | < 1.3.14 |
Related Weaknesses (CWE)
References
- https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945fRelease Notes
- https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2hMitigationThird Party Advisory
- https://github.com/Sylius/Sylius/commit/be245302dfc594d8690fe50dd47631d186aa945fRelease Notes
- https://github.com/Sylius/Sylius/security/advisories/GHSA-3r8j-pmch-5j2hMitigationThird Party Advisory
FAQ
What is CVE-2019-16768?
CVE-2019-16768 is a vulnerability with a CVSS score of 3.5 (LOW). In affected versions of Sylius, exception messages from internal exceptions (like database exception) are wrapped by \Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propa...
How severe is CVE-2019-16768?
CVE-2019-16768 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16768?
Check the references section above for vendor advisories and patch information. Affected products include: Sylius Sylius.