Security Advisories - flarum/core - Packagist

flarum/core Security Advisories for v0.1.0-beta.7.1 (4)

[LOW] Flarum's logout Route allows open redirects

PKSA-t2c9-4b54-wr9g CVE-2024-21641 GHSA-733r-8xcp-w9mr

Affected version: <1.8.5

Reported by:
GitHub
[HIGH] Flarum vulnerable to LFI and Blind SSRF via Avatar upload

PKSA-gy61-rznj-1v67 CVE-2023-40033 GHSA-67c6-q4j4-hccg

Affected version: <1.8.0

Reported by:
GitHub
[MEDIUM] Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

PKSA-vdnx-r1qz-p9z5 CVE-2023-27577 GHSA-vhm8-wwrf-3gcw

Affected version: <1.7.0

Reported by:
GitHub
[MEDIUM] Flarum notifications can leak restricted content

PKSA-c9jx-2v6m-svqv CVE-2023-22488 GHSA-8gcg-vwmw-rxj4

Affected version: <1.6.3

Reported by:
GitHub