october/october vulnerabilities

Built using October CMS: The Platform That Gets Back to Basics

Latest version: v2.1.16

Licenses detected

  • license: MIT < v2.0.0, >= v1.0.319
  • license: Unknown >= v2.0.0
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the october/october package. This does not include vulnerabilities belonging to this package’s dependencies.

Report new vulnerabilities
Vulnerability Vulnerable versions Snyk patch Published
  • M
Access Restriction Bypass
<2.1.12 Not available 07 Oct, 2021
  • M
Remote Code Execution (RCE)
>=1.0.469, <1.0.470,>=1.1.0, <1.1.1 Not available 24 Nov, 2020
  • M
Cross-site Scripting (XSS)
>=1.0.319, <1.0.469 Not available 24 Nov, 2020
  • L
Privilege Escalation
>=1.0.319, <1.0.470 Not available 24 Nov, 2020
  • M
Remote Code Execution (RCE)
>=1.0.319, <1.0.469 Not available 24 Nov, 2020
  • M
Arbitrary File Read
>=1.0.421, <1.0.469 Not available 24 Nov, 2020
  • M
Cross-site Scripting (XSS)
<1.0.426 Not available 31 Jul, 2020
  • H
Cross-site Scripting (XSS)
>=1.0.319, <1.0.466 Not available 15 Jul, 2020
  • H
Cross-site Scripting (XSS)
>=1.0.319, <1.0.467 Not available 03 Jul, 2020
  • M
Arbitrary File Read
>=1.0.319, <1.0.466 Not available 04 Jun, 2020
  • H
Cross-site Scripting (XSS)
>=1.0.319, <1.0.466 Not available 04 Jun, 2020
  • M
Arbitrary File Upload
>=1.0.319, <1.0.466 Not available 04 Jun, 2020
  • M
Arbitrary File Write
>=1.0.319, <1.0.466 Not available 04 Jun, 2020
  • M
Command Injection
>=1.0.319, <1.0.466 Not available 04 Jun, 2020
  • H
Arbitrary Code Execution
<1.0.437 Not available 30 Jul, 2018
  • M
Cross-site Scripting (XSS)
<1.0.437 Not available 30 Jul, 2018
  • C
File Path Modification
<1.0.413 Not available 17 Apr, 2018
  • C
Arbitrary Code Execution
<1.0.413 Not available 17 Apr, 2018
  • H
Arbitrary Code Injection
<1.0.413 Not available 17 Apr, 2018
  • M
Cross-site Scripting (XSS)
<1.0.413 Not available 17 Apr, 2018
  • H
Cross-site Request Forgery (CSRF)
<1.0.427 Not available 17 Apr, 2018
  • H
Arbitrary Code Execution
<1.0.413 Not available 17 Apr, 2018
  • M
Cross-site Scripting (XSS)
<1.0.431 Not available 15 Mar, 2018
  • C
Configuration Modification
=1.0.412 Not available 07 Dec, 2017