Lucene search
+L

4 matches found

cvelist
cvelist
added 5 days ago34 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
osv
osv
added 2024/03/22 4:55 p.m.26 views

GHSA-R6VW-8V8R-PMP4 Server Side Template Injection (SSTI)

Summary Due to the unrestricted access to twig extension class from grav context, an attacker can redefine config variable. As a result, attacker can bypass previous patch. Details The twig context has a function declared called getFunction. php public function getFunction$name if...

8.8CVSS9.1AI score0.0122EPSS
Exploits1References4
github
github
added 2019/09/11 11:1 p.m.18 views

Undefined Behavior in sailsjs-cacheman

All versions of sailsjs-cacheman have a vulnerability that may lead to Undefined Behavior. The config variable is exposing to the global scope which may overwrite other variables and cause the application to misbehave. Recommendation No fix is currently available. Consider using an alternative...

3.9AI score
Exploits0References4Affected Software1
nodejs
nodejs
added 2018/12/26 1:54 p.m.12 views

Undefined Behavior

Overview All versions of sailsjs-cacheman have a vulnerability that may lead to Undefined Behavior. The config variable is exposing to the global scope which may overwrite other variables and cause the application to misbehave. Recommendation No fix is currently available. Consider using an...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder