contao/core-bundle vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the contao/core-bundle package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Incorrect Authorization	>=5.3.0, <5.3.38>=5.4.0-RC1, <5.6.1
M Incorrect Authorization	>=4.9.14, <4.13.56>=5.0.0-RC1, <5.3.38>=5.4.0-RC1, <5.6.1
M Incorrect Authorization	>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1
M Cross-site Scripting (XSS)	>=4.0.0, <4.13.54>=5.0.0, <5.3.30>=5.4.0, <5.5.6
H Unrestricted Upload of File with Dangerous Type	>=4.0.0, <4.13.49>=5.0.0, <5.3.15>=5.4.0, <5.4.3
M Path Traversal	<4.13.49
M Information Exposure	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Session Fixation	>=4.0.0, <4.13.40
L Improper Neutralization of Special Elements in Output Used by a Downstream Component	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.9.42>=4.10.0, <4.13.28>=5.0.0, <5.1.10
M Arbitrary File Upload	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
M Privilege Escalation	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
L Cross-site Scripting (XSS)	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
M Cross-site Scripting (XSS)	>=4.10.0, <4.11.5>=4.5.0, <4.9.16
M Cross-site Scripting (XSS)	>=4.0.0, <4.4.52>=4.5.0, <4.9.6>=4.10.0, <4.10.1
H Arbitrary File Upload	>=4.5.0, <4.8.6>=4.0.0, <4.4.46
L Content Injection	>=4.8.4, <4.8.6
L Information Exposure	>=4.0.0, <4.4.46>=4.5.0, <4.8.6
M SQL Injection	>=4.1.0, <4.4.39>=4.5.0, <4.7.5
M Information Exposure	>=4.4.0, <4.4.31>=4.6.0, <4.6.11
L Information Exposure	>=4.7.0, <4.7.3
L Security Issue	>4.4.0, <4.4.37>4.7.0, <4.7.3
M Cross-site Request Forgery (CSRF)	>=4.7.0, <4.7.3
M Cross-site Scripting (XSS)	>=3.0.0, <3.5.35>=4.0.0, <4.4.18>=4.5.0, <4.5.7
M SQL Injection	>=3.0.0, <3.5.30>=4.0.0, <4.4.8
H Arbitrary File Inclusion	>=3.0.0, <3.5.30>=4.0.0, <4.4.8

Vulnerability

Vulnerable Version

Incorrect Authorization

>=5.3.0, <5.3.38>=5.4.0-RC1, <5.6.1

Incorrect Authorization

>=4.9.14, <4.13.56>=5.0.0-RC1, <5.3.38>=5.4.0-RC1, <5.6.1

Incorrect Authorization

>=5.0.0, <5.3.38>=5.4.0-RC1, <5.6.1

Cross-site Scripting (XSS)

>=4.0.0, <4.13.54>=5.0.0, <5.3.30>=5.4.0, <5.5.6

Unrestricted Upload of File with Dangerous Type

>=4.0.0, <4.13.49>=5.0.0, <5.3.15>=5.4.0, <5.4.3