3 matches found
Duplicate Advisory: Grav has Insecure Deserialization in File Cache
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...
PT-2026-35830
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
Improper Neutralization of Special Elements Used in a Template Engine
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Twig processing feature enabled through page frontmatter. An...