getkirby/panel Security Advisories for 2.5.9-RC-1 (2)
-
[MEDIUM] Kirby .dev domains and some reverse proxy setups were treated as local
PKSA-wxk6-8g5k-kq8b CVE-2020-26253 GHSA-2ccx-2gf3-8xvv
Affected version: <2.5.14
Reported by:
GitHub -
[MEDIUM] Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
PKSA-68c1-zbdg-v43v CVE-2020-26255 GHSA-g3h8-cg9x-47qw
Affected version: <2.5.14
Reported by:
GitHub