NIST AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

NIST (AV:N/AC:M/Au:S/C:N/I:P/A:N)

NIST CWE-79

OR
     *cpe:2.3:a:sylius:grid:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (including) 1.0.18
     *cpe:2.3:a:sylius:grid:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (including) 1.1.18
     *cpe:2.3:a:sylius:grid:*:*:*:*:*:*:*:* versions from (including) 1.2.0 up to (including) 1.2.17
     *cpe:2.3:a:sylius:grid:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.3.12
     *cpe:2.3:a:sylius:grid:*:*:*:*:*:*:*:* versions from (including) 1.4.0 up to (including) 1.4.4
     *cpe:2.3:a:sylius:grid:1.5.0:*:*:*:*:*:*:*
     *cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (including) 1.0.18
     *cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (including) 1.1.17
     *cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* versions from (including) 1.2.0 up to (including) 1.2.16
     *cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* versions from (including) 1.3.0 up to (including) 1.3.11
     *cpe:2.3:a:sylius:sylius:*:*:*:*:*:*:*:* versions from (including) 1.4.0 up to (including) 1.4.3

https://sylius.com/blog/cve-2019-12186/ No Types Assigned

https://sylius.com/blog/cve-2019-12186/ Vendor Advisory

Victim must voluntarily interact with attack mechanism