silverstripe/assets Security Advisories for 1.3.5 (4)
-
[MEDIUM] CVE-2022-29858: Unpublished, protected files can be published via shortcode
PKSA-gkm3-w29w-mn8y CVE-2022-29858 GHSA-v68g-62v9-39w5
Affected version: >=1.0.0,<1.10.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-38147 - XSS via uploaded gpx file
PKSA-h12n-xqnh-nnc1 CVE-2022-38147 GHSA-vv3r-fxqp-vr3f
Affected version: >=1.0.0,<1.11.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-38724 - XSS in shortcodes
PKSA-vdrm-g673-qq8n CVE-2022-38724 GHSA-9cx2-hj6m-fv58
Affected version: >=1.0.0,<1.11.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to
PKSA-mzkw-2yhz-1nzc CVE-2020-9280 GHSA-592m-4533-rxq9
Affected version: >=1.0.0,<1.4.7|>=1.5.0,<1.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories