org.craftercms:crafter-search@2.5.16 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.craftercms:crafter-search package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Information Exposure

org.craftercms:crafter-search is a search facade for Crafter CMS. Crafter Search proxies the real search engine deployed behind it.

Affected versions of this package are vulnerable to Information Exposure. Installations of craftercms, where crafter-search is not protected, allows unauthenticated remote attackers to create, view, and delete search indexes.

How to fix Information Exposure?

Upgrade org.craftercms:crafter-search to version 3.1.15 or higher.

[,3.1.15)