oro/platform Security Advisories for 4.2.5 (4)
-
[MEDIUM] Pinned entity creation form shows wrong data
PKSA-s86f-6mqr-z66d CVE-2023-45824 GHSA-vxq2-p937-3px3
Affected version: >=4.2.0,<=4.2.10|>=5.0.0,<=5.0.12|>=5.1.0,<=5.1.3
Reported by:
GitHub -
[HIGH] OroPlatform vulnerable to path traversal during temporary file manipulations
PKSA-t2jj-zmdx-jdvv CVE-2022-41951 GHSA-9v3j-4j64-p937
Affected version: >=5.0.0,<5.0.8|>=4.2.0,<=4.2.10|>=4.1.0,<=4.1.13
Reported by:
GitHub -
[MEDIUM] XSS vulnerability on email template preview page
PKSA-bqcb-rj59-qx4d CVE-2021-41236 GHSA-qv7g-j98v-8pp7
Affected version: >=4.2.0,<4.2.8|>=4.1.0,<4.1.14|>=3.1.0,<3.1.21
Reported by:
GitHub -
[MEDIUM] Client-Side JavaScript Prototype Pollution in oro/platform
PKSA-qwvx-stpf-9hr2 CVE-2021-43852 GHSA-jx5q-g37m-h5hj
Affected version: >=4.2.0,<4.2.8|>=4.1.0,<4.1.14
Reported by:
GitHub