mautic/core-lib vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mautic/core-lib package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	>=5.0.0-alpha, <5.2.8>=6.0.0-alpha, <6.0.5
H Unverified Ownership	<5.2.8>=6.0.0-alpha, <6.0.5
M Observable Response Discrepancy	<5.2.8>=6.0.0-alpha, <6.0.5
M Server-side Request Forgery (SSRF)	<5.2.8>=6.0.0-alpha, <6.0.5
M Missing Authorization	<5.2.6>=6.0.0-alpha, <6.0.2
M Exposure of Sensitive System Information to an Unauthorized Control Sphere	<5.2.6>=6.0.0-alpha, <6.0.2
M Open Redirect	<5.2.6>=6.0.0-alpha, <6.0.2
M Timing Attack	<5.2.6>=6.0.0-alpha, <6.0.2
M Improper Validation of Specified Quantity in Input	<5.2.6>=6.0.0-alpha, <6.0.2
M Incorrect Authorization	<5.2.3>=6.0.0-alpha, <6.0.0-beta
M Directory Traversal	<5.2.3>=6.0.0-alpha, <6.0.0-beta
H Arbitrary Code Injection	<5.2.3>=6.0.0-alpha, <6.0.0-beta
M Missing Authentication for Critical Function	>=1.0.0-beta3, <4.4.13>=5.0.0-alpha, <5.1.1
M Cross-site Scripting (XSS)	>=1.0.0-beta, <4.4.13>=5.0.0-alpha, <5.1.1
H Cross-site Scripting (XSS)	>=1.0.0-beta4, <4.4.13>=5.0.0-alpha, <5.1.1
H Improper Access Control	>=1.1.3, <4.4.13>=5.0.0-alpha, <5.1.1
M Cross-site Scripting (XSS)	>=2.6.0, <4.4.13>=5.0.0-alpha, <5.1.1