VulnerableCode Package Details - pkg:composer/oro/platform@4.2.8

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-htv9-tpny-7ycn	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') OroPlatform is a PHP Business Application Platform. an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that is vulnerable to Prototype Pollution. This issue has been patched Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.	CVE-2021-43852 GHSA-jx5q-g37m-h5hj
VCID-j1uw-vqqx-uuh2	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in oro/platform.	GHSA-rrgw-3hg3-9x8c GMS-2022-24
VCID-mp7m-9665-uqb6	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') OroPlatform is a PHP Business Application Platform.An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.	CVE-2021-41236 GHSA-qv7g-j98v-8pp7

Vulnerability

Summary

Aliases

VCID-htv9-tpny-7ycn

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') OroPlatform is a PHP Business Application Platform. an attacker could inject properties into existing JavaScript language construct prototypes, such as objects. Later this injection may lead to JS code execution by libraries that is vulnerable to Prototype Pollution. This issue has been patched Users unable to upgrade may configure a firewall to drop requests containing next strings: `__proto__`, `constructor[prototype]`, and `constructor.prototype` to mitigate this issue.

CVE-2021-43852
GHSA-jx5q-g37m-h5hj

VCID-j1uw-vqqx-uuh2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in oro/platform.

GHSA-rrgw-3hg3-9x8c
GMS-2022-24

VCID-mp7m-9665-uqb6

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') OroPlatform is a PHP Business Application Platform.An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.

CVE-2021-41236
GHSA-qv7g-j98v-8pp7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:40:56.869194+00:00	GitLab Importer	Fixing	VCID-j1uw-vqqx-uuh2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/GMS-2022-24.yml	38.6.0
2026-06-02T04:40:49.089673+00:00	GitLab Importer	Fixing	VCID-htv9-tpny-7ycn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2021-43852.yml	38.6.0
2026-06-02T04:40:49.040088+00:00	GitLab Importer	Fixing	VCID-mp7m-9665-uqb6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2021-41236.yml	38.6.0