craftcms/cms Security Advisories for 4.17.8 (2)
-
[MEDIUM] Craft CMS has a host header injection leading to SSRF via resource-js endpoint
PKSA-ntd3-69q5-4cfy GHSA-95wr-3f2v-v2wh
Affected version: >=4.0.0-RC1,<=4.17.8|>=5.0.0-RC1,<=5.9.14
Reported by:
GitHub -
[MEDIUM] Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations
PKSA-wb3t-ts8t-d4cj GHSA-3m9m-24vh-39wx
Affected version: >=4.0.0-RC1,<=4.17.8|>=5.0.0-RC1,<=5.9.14
Reported by:
GitHub