getgrav/grav Security Advisories for 1.7.42.2 (8)
-
[HIGH] Grav Vulnerable to Arbitrary File Read to Account Takeover
PKSA-dfbv-gg3q-6zkv CVE-2024-34082 GHSA-f8v5-jmfh-pr69
Affected version: <1.7.46
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI) via Twig escape handler
PKSA-qk36-vv6t-rpy1 CVE-2024-28119 GHSA-2m7x-c7px-hp58
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI)
PKSA-4zrd-fzvb-s4j9 CVE-2024-28118 GHSA-r6vw-8v8r-pmp4
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI)
PKSA-md79-czmr-hzqq CVE-2024-28117 GHSA-qfv4-q44r-g7rv
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
PKSA-3xkc-2rqf-2zr3 CVE-2024-28116 GHSA-c9gp-64c4-2rrh
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Grav File Upload Path Traversal
PKSA-k12q-kcf1-m3gr CVE-2024-27921 GHSA-m7hx-hw6h-mqmc
Affected version: <1.7.45
Reported by:
GitHub -
[CRITICAL] Remote Code Execution by uploading a phar file using frontmatter
PKSA-s32r-k9tt-xp19 CVE-2024-27923 GHSA-f6g2-h7qv-3m5v
Affected version: <1.7.43
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) vulnerability in Grav
PKSA-b2jk-phpd-zxp3 CVE-2023-31506 GHSA-xrf8-cmrg-7436
Affected version: <1.7.44
Reported by:
GitHub