contao/core-bundle vulnerabilities

Contao 4 core bundle

Latest version: 4.7.4

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the contao/core-bundle package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Cross-site Request Forgery (CSRF)
>=4.7.0, <4.7.3 Not available 15 Apr, 2019
  • L
Security Issue
>4.4.0, <4.4.37,>4.7.0, <4.7.3 Not available 15 Apr, 2019
  • L
Information Exposure
>=4.7.0, <4.7.3 Not available 15 Apr, 2019
  • M
Cross-site Scripting (XSS)
>=3.0.0, <3.5.35,>=4.0.0, <4.4.18,>=4.5.0, <4.5.7 Not available 25 Apr, 2018
  • M
SQL Injection
>=3.0.0, <3.5.30,>=4.0.0, <4.4.8 Not available 04 Dec, 2017
  • H
Arbitrary File Inclusion
>=3.0.0, <3.5.30,>=4.0.0, <4.4.8 Not available 12 Jul, 2017