craftcms/cms Security Advisories for 5.9.14 (3)
- [MEDIUM] Craft CMS has a host header injection leading to SSRF via resource-js endpoint
  PKSA-ntd3-69q5-4cfy GHSA-95wr-3f2v-v2wh
  Affected version: >=4.0.0-RC1,<=4.17.8|>=5.0.0-RC1,<=5.9.14
  Reported by: GitHub
- [MEDIUM] Server-Side Request Forgery (SSRF) in Craft CMS with Asset Uploads Mutations
  PKSA-wb3t-ts8t-d4cj GHSA-3m9m-24vh-39wx
  Affected version: >=4.0.0-RC1,<=4.17.8|>=5.0.0-RC1,<=5.9.14
  Reported by: GitHub
- [MEDIUM] Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action
  PKSA-dmwd-n76s-m3f9 GHSA-jq2f-59pj-p3m3
  Affected version: >=5.6.0,<5.9.15
  Reported by: GitHub