getgrav/grav vulnerabilities

Licenses: MIT

License

Known vulnerabilities in the getgrav/grav package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	>=0.0.0
H Directory Traversal	<1.7.46
M Cross-site Scripting (XSS)	<1.3.0
H Code Injection	<1.7.45
H Code Injection	<1.7.45
H Improper Control of Generation of Code ('Code Injection')	<1.7.45
C Path Traversal	<1.7.45
H Improper Control of Generation of Code ('Code Injection')	<1.7.45
H Arbitrary File Upload	<1.7.43
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	>=1.7.42.1, <1.7.42.2
H Remote Code Execution (RCE)	<1.7.34
H Improper Input Validation	<1.7.42
H Incomplete List of Disallowed Inputs	<1.7.42
C Arbitrary Code Injection	<1.7.42
H Incomplete List of Disallowed Inputs	<1.7.42
C Code Injection	<1.7.34
L Cross-site Scripting (XSS)	<1.7.33
M Cross-site Scripting (XSS)	<1.7.31
M Cross-site Scripting (XSS)	<1.7.31
M Cross-site Scripting (XSS)	<1.7.28
M Open Redirect	<1.6.23
H Directory Traversal	<1.7.25
M Cross-site Scripting (XSS)	<1.7.24
L Improper Access Control	<1.7.21
H Arbitrary Code Execution	<1.7.11
M Directory Traversal	>=1.7.0-beta.1, <1.7.0-rc.18<1.6.29
M Directory Traversal	>=1.7.0-beta.1, <1.7.0-rc.18<1.6.29
M Cross Site Scripting (XSS)	<1.6.29
H Cross-site Scripting (XSS)	<1.6.30
M Cross-site Scripting (XSS)	>=0.0.0, <1.6.16