Search for packages
| purl | pkg:composer/oro/platform@5.0.9 |
| Next non-vulnerable version | 5.1.0-alpha.1 |
| Latest non-vulnerable version | 5.1.4 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-h2ur-dutp-gqba
Aliases: CVE-2023-45824 GHSA-vxq2-p937-3px3 |
Pinned entity creation form shows wrong data Logged in user can access page state data of pinned pages of other users by pageId hash. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-eh5a-tv8q-xkay | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. |
CVE-2022-41951
GHSA-9v3j-4j64-p937 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T04:46:54.224727+00:00 | GitLab Importer | Affected by | VCID-h2ur-dutp-gqba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2023-45824.yml | 38.6.0 |
| 2026-06-02T04:46:24.769493+00:00 | GitLab Importer | Fixing | VCID-eh5a-tv8q-xkay | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2022-41951.yml | 38.6.0 |