Search for packages
| purl | pkg:composer/oro/platform@1.3.2 |
| Next non-vulnerable version | 5.1.0-alpha.1 |
| Latest non-vulnerable version | 5.1.4 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-eh5a-tv8q-xkay
Aliases: CVE-2022-41951 GHSA-9v3j-4j64-p937 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T04:21:08.205212+00:00 | GitLab Importer | Affected by | VCID-eh5a-tv8q-xkay | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/oro/platform/CVE-2022-41951.yml | 38.6.0 |