[MEDIUM] Statamic CMS has a Path Traversal in Asset Upload

PKSA-8gf5-xvpy-gbms CVE-2024-52600 GHSA-p7f6-8mcm-fwv3

Affected version: <=5.16.0

Reported by:
GitHub

[LOW] Password confirmation stored in plain text via registration form in statamic/cms

PKSA-t5bn-h473-kjrn CVE-2024-36119 GHSA-qvpj-w7xj-r6w9

Affected version: >=5.3.0,<5.6.2

Reported by:
GitHub