VulnerableCode Package Details - pkg:composer/oro/platform@4.2.10

Search for packages

Vulnerability	Summary	Fixed by
VCID-eh5a-tv8q-xkay Aliases: CVE-2022-41951 GHSA-9v3j-4j64-p937	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.	5.0.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-h2ur-dutp-gqba Aliases: CVE-2023-45824 GHSA-vxq2-p937-3px3	Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.	5.0.0-alpha.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 5.1.0-alpha.1 Affected by 0 other vulnerabilities. 5.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-eh5a-tv8q-xkay
Aliases:
CVE-2022-41951
GHSA-9v3j-4j64-p937

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

5.0.8
Affected by 2 other vulnerabilities.

5.0.9
Affected by 1 other vulnerability.

VCID-h2ur-dutp-gqba
Aliases:
CVE-2023-45824
GHSA-vxq2-p937-3px3

Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.

5.0.0-alpha.1
Affected by 1 other vulnerability.

5.1.0-alpha.1
Affected by 0 other vulnerabilities.

5.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:51:04.841436+00:00	GHSA Importer	Affected by	VCID-eh5a-tv8q-xkay	https://github.com/advisories/GHSA-9v3j-4j64-p937	38.6.0
2026-06-06T04:21:09.461784+00:00	GitLab Importer	Affected by	VCID-eh5a-tv8q-xkay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2022-41951.yml	38.6.0
2026-06-05T21:41:21.501897+00:00	GHSA Importer	Affected by	VCID-h2ur-dutp-gqba	https://github.com/advisories/GHSA-vxq2-p937-3px3	38.6.0
2026-06-02T04:47:26.497342+00:00	GitLab Importer	Affected by	VCID-h2ur-dutp-gqba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-45824.yml	38.6.0