VulnerableCode Package Details - pkg:composer/oro/platform@5.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-eh5a-tv8q-xkay Aliases: CVE-2022-41951 GHSA-9v3j-4j64-p937	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.	5.0.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.0.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-h2ur-dutp-gqba Aliases: CVE-2023-45824 GHSA-vxq2-p937-3px3	Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.	5.1.0-alpha.1 Affected by 0 other vulnerabilities. 5.1.4 Affected by 0 other vulnerabilities.
VCID-mk5p-7x3m-v7hb Aliases: CVE-2023-32062 GHSA-x2xm-p6vq-482g	Improper Access Control OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.	5.0.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 5.1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-eh5a-tv8q-xkay
Aliases:
CVE-2022-41951
GHSA-9v3j-4j64-p937

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

5.0.8
Affected by 2 other vulnerabilities.

5.0.9
Affected by 1 other vulnerability.

VCID-h2ur-dutp-gqba
Aliases:
CVE-2023-45824
GHSA-vxq2-p937-3px3

Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.

5.1.0-alpha.1
Affected by 0 other vulnerabilities.

5.1.4
Affected by 0 other vulnerabilities.

VCID-mk5p-7x3m-v7hb
Aliases:
CVE-2023-32062
GHSA-x2xm-p6vq-482g

Improper Access Control OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1.

5.0.7
Affected by 2 other vulnerabilities.

5.1.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:51:04.874965+00:00	GHSA Importer	Affected by	VCID-eh5a-tv8q-xkay	https://github.com/advisories/GHSA-9v3j-4j64-p937	38.6.0
2026-06-06T04:21:09.493194+00:00	GitLab Importer	Affected by	VCID-eh5a-tv8q-xkay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2022-41951.yml	38.6.0
2026-06-05T21:41:21.417167+00:00	GHSA Importer	Affected by	VCID-h2ur-dutp-gqba	https://github.com/advisories/GHSA-vxq2-p937-3px3	38.6.0
2026-06-02T04:47:26.501288+00:00	GitLab Importer	Affected by	VCID-h2ur-dutp-gqba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-45824.yml	38.6.0
2026-06-02T04:46:24.565968+00:00	GitLab Importer	Affected by	VCID-mk5p-7x3m-v7hb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-32062.yml	38.6.0