badaso/core

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting badaso/corepage 1 of 1

CVE-2022-41705CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.7.0
2022-11-25
vulnerable: 1.0.0 ... 2.6.3 (107 versions)
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2022-41711CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.6.1
2022-10-25
vulnerable: 1.0.0 ... 2.6.0 (104 versions)
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

Check whether badaso/core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for badaso/core CVEs against the assets you own.

Start Free Scan →