Grav@* Security Vulnerabilities and Issues — Grav@* CVE List

Lucene search

GetgravGrav*

4 matches found

CVE•added 2021/04/13 8:15 p.m.•140 views

CVE-2021-29440

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance...

8.4CVSS7.5AI score0.20262EPSS

CVE•added 2021/09/27 1:15 p.m.•74 views

CVE-2021-3818

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking

6.3CVSS5.4AI score0.00366EPSS

CVE•added 2021/10/27 10:15 p.m.•65 views

CVE-2021-3904

grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3CVSS5.5AI score0.00169EPSS

CVE•added 2021/11/05 3:15 p.m.•59 views

CVE-2021-3924

grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

8.8CVSS7.5AI score0.01152EPSS