Security Advisories - wintercms/winter - Packagist

wintercms/winter Security Advisories for v1.1.9 (3)

[HIGH] Winter CMS Server-Side Template Injection (SSTI) vulnerability

PKSA-8f2z-f7m8-2xxr CVE-2024-29686 GHSA-8r5j-gm3j-cx9c

Affected version: <=1.2.3

Reported by:
GitHub
[LOW] Winter CMS stored XSS through privileged upload of SVG file

PKSA-ysj2-6nmd-36qh CVE-2023-37269 GHSA-wjw2-4j7j-6gc3

Affected version: <1.2.3

Reported by:
GitHub
[HIGH] Prototype pollution in Snowboard framework

PKSA-ptqm-3112-nnkg CVE-2022-39357 GHSA-3fh5-q6fg-w28q

Affected version: >=1.2.0,<1.2.1|>=1.1.8,<1.1.10

Reported by:
GitHub