VulnerableCode Package Details - pkg:composer/oro/platform@5.0.8

Search for packages

Vulnerability	Summary	Fixed by
VCID-eh5a-tv8q-xkay Aliases: CVE-2022-41951 GHSA-9v3j-4j64-p937	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.	5.0.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-h2ur-dutp-gqba Aliases: CVE-2023-45824 GHSA-vxq2-p937-3px3	Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.	5.1.0-alpha.1 Affected by 0 other vulnerabilities. 5.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-eh5a-tv8q-xkay
Aliases:
CVE-2022-41951
GHSA-9v3j-4j64-p937

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.

5.0.9
Affected by 1 other vulnerability.

VCID-h2ur-dutp-gqba
Aliases:
CVE-2023-45824
GHSA-vxq2-p937-3px3

Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash.

5.1.0-alpha.1
Affected by 0 other vulnerabilities.

5.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-eh5a-tv8q-xkay	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.	CVE-2022-41951 GHSA-9v3j-4j64-p937

Vulnerability

Summary

Aliases

VCID-eh5a-tv8q-xkay

CVE-2022-41951
GHSA-9v3j-4j64-p937

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:51:04.878406+00:00	GHSA Importer	Fixing	VCID-eh5a-tv8q-xkay	https://github.com/advisories/GHSA-9v3j-4j64-p937	38.6.0
2026-06-06T04:46:54.222454+00:00	GitLab Importer	Affected by	VCID-h2ur-dutp-gqba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-45824.yml	38.6.0
2026-06-06T04:21:09.528759+00:00	GitLab Importer	Affected by	VCID-eh5a-tv8q-xkay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2022-41951.yml	38.6.0
2026-06-04T17:19:15.931258+00:00	GithubOSV Importer	Fixing	VCID-eh5a-tv8q-xkay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-9v3j-4j64-p937/GHSA-9v3j-4j64-p937.json	38.6.0