Security Advisories - contao/contao - Packagist

contao/contao Security Advisories for 4.9.39 (2)

[LOW] Contao allows admin an account to upload SVG file containing malicious JavaScript

PKSA-64ps-f717-jtgs CVE-2024-45965 GHSA-mrw8-5368-phm3

Affected version: <=5.4.1

Reported by:
GitHub
[HIGH] Directory traversal vulnerability in the file manager

PKSA-3m2g-ygwq-rxnz CVE-2023-29200 GHSA-fp7q-xhhw-6rj3

Affected version: >=4.9.0,<4.9.40|>=4.13.0,<4.13.21|>=5.1.0,<5.1.4

Reported by:
FriendsOfPHP/security-advisories, GitHub