Affecting sylius/sylius package, versions <1.3.14 || >=1.4, <1.4.10 || >=1.5, <1.5.7 || >=1.6, <1.6.3
sylius/sylius is a platform for PHP, based on Symfony framework.
Affected versions of this package are vulnerable to Information Exposure.
Exception messages from internal exceptions are wrapped by
\Symfony\Component\Security\Core\Exception\AuthenticationServiceException and propagated through the system to UI allowing users to see system information.
A validation message with the exception details will be presented to the user when one will try to log into the shop.
sylius/sylius to version 1.3.14, 1.4.10, 1.5.7, 1.6.3 or higher.