contao/core-bundle/.../core-bundle vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the contao/core-bundle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Unrestricted Upload of File with Dangerous Type	>=4.0.0, <4.13.49>=5.0.0, <5.3.15>=5.4.0, <5.4.3
M Path Traversal	<4.13.49
M Information Exposure	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Session Fixation	>=4.0.0, <4.13.40
L Improper Neutralization of Special Elements in Output Used by a Downstream Component	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.13.40>=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.9.42>=4.10.0, <4.13.28>=5.0.0, <5.1.10
M Arbitrary File Upload	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
M Privilege Escalation	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
L Cross-site Scripting (XSS)	>=4.0.0, <4.4.56>=4.5.0, <4.9.18>=4.10.0, <4.11.7
M Cross-site Scripting (XSS)	>=4.10.0, <4.11.5>=4.5.0, <4.9.16
M Cross-site Scripting (XSS)	>=4.0.0, <4.4.52>=4.5.0, <4.9.6>=4.10.0, <4.10.1
H Arbitrary File Upload	>=4.5.0, <4.8.6>=4.0.0, <4.4.46
L Content Injection	>=4.8.4, <4.8.6
L Information Exposure	>=4.0.0, <4.4.46>=4.5.0, <4.8.6
M SQL Injection	>=4.1.0, <4.4.39>=4.5.0, <4.7.5
M Information Exposure	>=4.4.0, <4.4.31>=4.6.0, <4.6.11
L Security Issue	>4.4.0, <4.4.37>4.7.0, <4.7.3
L Information Exposure	>=4.7.0, <4.7.3
M Cross-site Request Forgery (CSRF)	>=4.7.0, <4.7.3
M Cross-site Scripting (XSS)	>=3.0.0, <3.5.35>=4.0.0, <4.4.18>=4.5.0, <4.5.7
M SQL Injection	>=3.0.0, <3.5.30>=4.0.0, <4.4.8
H Arbitrary File Inclusion	>=3.0.0, <3.5.30>=4.0.0, <4.4.8