getgrav/grav Security Advisories for 1.4.2 (28)
-
[HIGH] Grav Vulnerable to Arbitrary File Read to Account Takeover
PKSA-dfbv-gg3q-6zkv CVE-2024-34082 GHSA-f8v5-jmfh-pr69
Affected version: <1.7.46
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI) via Twig escape handler
PKSA-qk36-vv6t-rpy1 CVE-2024-28119 GHSA-2m7x-c7px-hp58
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI)
PKSA-4zrd-fzvb-s4j9 CVE-2024-28118 GHSA-r6vw-8v8r-pmp4
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server Side Template Injection (SSTI)
PKSA-md79-czmr-hzqq CVE-2024-28117 GHSA-qfv4-q44r-g7rv
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
PKSA-3xkc-2rqf-2zr3 CVE-2024-28116 GHSA-c9gp-64c4-2rrh
Affected version: <1.7.45
Reported by:
GitHub -
[HIGH] Grav File Upload Path Traversal
PKSA-k12q-kcf1-m3gr CVE-2024-27921 GHSA-m7hx-hw6h-mqmc
Affected version: <1.7.45
Reported by:
GitHub -
[CRITICAL] Remote Code Execution by uploading a phar file using frontmatter
PKSA-s32r-k9tt-xp19 CVE-2024-27923 GHSA-f6g2-h7qv-3m5v
Affected version: <1.7.43
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) vulnerability in Grav
PKSA-b2jk-phpd-zxp3 CVE-2023-31506 GHSA-xrf8-cmrg-7436
Affected version: <1.7.44
Reported by:
GitHub -
[HIGH] grav Server-side Template Injection (SSTI) mitigation bypass
PKSA-dtsr-c39p-kd8y CVE-2023-37897 GHSA-9436-3gmp-4f53
Affected version: <=1.7.42.1
Reported by:
GitHub -
[HIGH] Grav Server-side Template Injection (SSTI) via Twig Default Filters
PKSA-qff4-p3t5-hhpv CVE-2023-34448 GHSA-whr7-m3f8-mpm8
Affected version: <1.7.42
Reported by:
GitHub -
[HIGH] Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
PKSA-728s-msrd-5k9y CVE-2023-34253 GHSA-j3v8-v77f-fvgm
Affected version: <1.7.42
Reported by:
GitHub -
[HIGH] Grav Server-side Template Injection (SSTI) via Twig Default Filters
PKSA-czz7-ybjd-h94w CVE-2023-34252 GHSA-96xv-rmwj-6p9w
Affected version: <1.7.42
Reported by:
GitHub -
[CRITICAL] Grav Server Side Template Injection (SSTI) vulnerability
PKSA-n6nv-g9gv-59mq CVE-2023-34251 GHSA-f9jf-4cp4-4fq5
Affected version: <1.7.42
Reported by:
GitHub -
[HIGH] Code injection in grav
PKSA-h22v-p71y-45m3 CVE-2022-2073 GHSA-cxgw-r5jg-7xwq
Affected version: <1.7.34
Reported by:
GitHub -
[MEDIUM] Grav CMS Local File Injection
PKSA-8kbr-mb2p-47pd CVE-2020-29556 GHSA-r3rg-jrjq-w4mr
Affected version: <1.6.30|>=1.7.0-beta.1,<=1.7.0-rc.17
Reported by:
GitHub -
[HIGH] Grav CMS Arbitrary File Deletion
PKSA-6yvg-f1gg-wxgv CVE-2020-29555 GHSA-gpmf-q5jh-hjx4
Affected version: <1.6.30|>=1.7.0-beta.1,<=1.7.0-rc.17
Reported by:
GitHub -
[HIGH] Grav CMS Cross-Site Request Forgery (CSRF)
PKSA-2p1j-dmf2-d31s CVE-2020-29553 GHSA-fqff-vcvx-68h3
Affected version: <1.6.30|>=1.7.0-beta.1,<=1.7.0-rc.17
Reported by:
GitHub -
[MEDIUM] Stored cross site scripting in getgrav/grav
PKSA-8hgq-58j8-2r94 CVE-2022-1173 GHSA-3p5m-j98p-c698
Affected version: <1.7.33
Reported by:
GitHub -
[HIGH] Stored Cross-site Scripting in grav
PKSA-tr2h-7v8b-81ts CVE-2022-0970 GHSA-r6hh-5g3q-wwgc
Affected version: <1.7.31
Reported by:
GitHub -
[MEDIUM] Cross site scripting in getgrav/grav
PKSA-b4mw-jq78-tcbr CVE-2022-0743 GHSA-2p89-ppc2-mrq4
Affected version: <1.7.31
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in grav
PKSA-vqg2-497k-m3wg CVE-2022-0268 GHSA-735v-wx75-xmmm
Affected version: <1.7.28
Reported by:
GitHub -
[MEDIUM] Open Redirect in Grav
PKSA-t4fn-8yhd-81q4 CVE-2020-11529 GHSA-wrxc-mr2w-cjpv
Affected version: <1.6.23
Reported by:
GitHub -
[HIGH] Path traversal in grav
PKSA-9xzb-d7b7-mcmc CVE-2021-3924 GHSA-8c5p-4362-9333
Affected version: <=1.7.24
Reported by:
GitHub -
[MEDIUM] Cross-Site Scripting in grav
PKSA-y8bw-fn2v-ndyh CVE-2021-3904 GHSA-5jxc-hmqf-3f73
Affected version: <1.7.24
Reported by:
GitHub -
[MEDIUM] Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
PKSA-4ky1-h6sk-d69f CVE-2021-3818 GHSA-cg3q-59w7-rvc2
Affected version: <1.7.21
Reported by:
GitHub -
[HIGH] Grav's Twig processing allowing dangerous PHP functions by default
PKSA-zfmm-zsx8-rxf1 CVE-2021-29440 GHSA-g8r4-p96j-xfxc
Affected version: <=1.7.10
Reported by:
GitHub -
[MEDIUM] Cross-Site Scripting in Grav
PKSA-qj1n-7jvb-xy2y GHSA-cvmr-6428-87w9
Affected version: <1.6.30
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Grav
PKSA-b9pb-c1xy-1cn5 CVE-2019-16126 GHSA-6268-v434-45m5
Affected version: <=1.7.0-beta.7
Reported by:
GitHub