contao/core-bundle vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the contao/core-bundle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Information Exposure	>=4.0.0, <4.13.40 >=5.0.0-RC1, <5.3.4
M Session Fixation	>=4.0.0, <4.13.40
L Improper Neutralization of Special Elements in Output Used by a Downstream Component	>=4.0.0, <4.13.40 >=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.13.40 >=5.0.0-RC1, <5.3.4
M Cross-site Scripting (XSS)	>=4.0.0, <4.9.42 >=4.10.0, <4.13.28 >=5.0.0, <5.1.10
M Arbitrary File Upload	>=4.0.0, <4.4.56 >=4.5.0, <4.9.18 >=4.10.0, <4.11.7
M Privilege Escalation	>=4.0.0, <4.4.56 >=4.5.0, <4.9.18 >=4.10.0, <4.11.7
L Cross-site Scripting (XSS)	>=4.0.0, <4.4.56 >=4.5.0, <4.9.18 >=4.10.0, <4.11.7
M Cross-site Scripting (XSS)	>=4.10.0, <4.11.5 >=4.5.0, <4.9.16
M Cross-site Scripting (XSS)	>=4.0.0, <4.4.52 >=4.5.0, <4.9.6 >=4.10.0, <4.10.1
H Arbitrary File Upload	>=4.5.0, <4.8.6 >=4.0.0, <4.4.46
L Content Injection	>=4.8.4, <4.8.6
L Information Exposure	>=4.0.0, <4.4.46 >=4.5.0, <4.8.6
M SQL Injection	>=4.1.0, <4.4.39 >=4.5.0, <4.7.5
M Information Exposure	>=4.4.0, <4.4.31 >=4.6.0, <4.6.11
M Cross-site Request Forgery (CSRF)	>=4.7.0, <4.7.3
L Security Issue	>4.4.0, <4.4.37 >4.7.0, <4.7.3
L Information Exposure	>=4.7.0, <4.7.3
M Cross-site Scripting (XSS)	>=3.0.0, <3.5.35 >=4.0.0, <4.4.18 >=4.5.0, <4.5.7
M SQL Injection	>=3.0.0, <3.5.30 >=4.0.0, <4.4.8
H Arbitrary File Inclusion	>=3.0.0, <3.5.30 >=4.0.0, <4.4.8