silverstripe/assets Security Advisories for 1.4.3 (5)
-
[MEDIUM] CVE-2022-29858: Unpublished, protected files can be published via shortcode
PKSA-gkm3-w29w-mn8y CVE-2022-29858 GHSA-v68g-62v9-39w5
Affected version: >=1.0.0,<1.10.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-38147 - XSS via uploaded gpx file
PKSA-h12n-xqnh-nnc1 CVE-2022-38147 GHSA-vv3r-fxqp-vr3f
Affected version: >=1.0.0,<1.11.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2022-38724 - XSS in shortcodes
PKSA-vdrm-g673-qq8n CVE-2022-38724 GHSA-9cx2-hj6m-fv58
Affected version: >=1.0.0,<1.11.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders
PKSA-s2xf-zpcm-xmzc CVE-2019-12245 GHSA-jvx5-rm6q-gx7p
Affected version: >=1.0.0,<1.3.5|>=1.4.0,<1.4.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to
PKSA-mzkw-2yhz-1nzc CVE-2020-9280 GHSA-592m-4533-rxq9
Affected version: >=1.0.0,<1.4.7|>=1.5.0,<1.5.2
Reported by:
GitHub, FriendsOfPHP/security-advisories