Crater Security Vulnerabilities and Issues — Crater CVE List

Lucene search

CraterappCrater

9 matches found

CVE•added 2022/03/23 8:15 a.m.•79 views

CVE-2022-1033

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.

7.8CVSS7.2AI score0.00246EPSS

CVE•added 2022/03/21 7:15 p.m.•69 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.

6.5CVSS6.5AI score0.00193EPSS

CVE•added 2022/01/26 1:15 p.m.•66 views

CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.

7.5CVSS5.6AI score0.00277EPSS

CVE•added 2022/03/21 7:15 p.m.•66 views

CVE-2022-0515

Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

4.3CVSS4.7AI score0.00111EPSS

CVE•added 2022/03/29 8:15 a.m.•66 views

CVE-2022-1032

Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.

7.2CVSS7.1AI score0.00444EPSS

CVE•added 2022/01/17 7:15 p.m.•61 views

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.

7.2CVSS6.9AI score0.00493EPSS

CVE•added 2022/01/12 2:15 p.m.•54 views

CVE-2021-4080

crater is vulnerable to Unrestricted Upload of File with Dangerous Type

8.8CVSS8.6AI score0.00423EPSS

CVE•added 2022/01/27 8:15 a.m.•51 views

CVE-2022-0372

Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.

7.6CVSS5.3AI score0.00263EPSS

CVE•added 2023/10/30 1:15 a.m.•39 views

CVE-2023-46865

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

7.2CVSS7.2AI score0.6817EPSS