getgrav/grav vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the getgrav/grav package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Directory Traversal	<1.7.46
M Cross-site Scripting (XSS)	<1.3.0
H Code Injection	<1.7.45
H Code Injection	<1.7.45
H Improper Control of Generation of Code ('Code Injection')	<1.7.45
C Path Traversal	<1.7.45
H Improper Control of Generation of Code ('Code Injection')	<1.7.45
H Arbitrary File Upload	<1.7.43
M Cross-site Scripting	>=0.0.0
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	>=1.7.42.1, <1.7.42.2
H Remote Code Execution (RCE)	<1.74.2
H Improper Input Validation	<1.7.42
H Incomplete List of Disallowed Inputs	<1.74.2
C Arbitrary Code Injection	<1.7.42
H Incomplete List of Disallowed Inputs	<1.7.42
M Cross-site Scripting (XSS)	>=0.0.0
C Code Injection	<1.7.34
L Cross-site Scripting (XSS)	<1.7.33
M Cross-site Scripting (XSS)	<1.7.31
M Cross-site Scripting (XSS)	<1.7.31
M Cross-site Scripting (XSS)	<1.7.28
M Open Redirect	<1.6.23
H Directory Traversal	<1.7.25
M Cross-site Scripting (XSS)	<1.7.24
L Improper Access Control	<1.7.21
H Arbitrary Code Execution	<1.7.11
M Directory Traversal	>=1.7.0-beta.1, <1.7.0-rc.18<1.6.29
M Directory Traversal	>=1.7.0-beta.1, <1.7.0-rc.18<1.6.29
M Cross Site Scripting (XSS)	<1.6.29
H Cross-site Scripting (XSS)	<1.6.30
M Cross-site Scripting (XSS)	>=0.0.0, <1.6.16