cachethq/cachet
Packagist | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cachethq/cachet
- CVE-2021-39165 | HIGH | CVSS 8.1 | EG 9.0 | 2021-08-26
vulnerable: v0.1.0-alpha ... v2.3.9 (54 versions)
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensit…
- CVE-2021-39172 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.5.1 | 2021-08-27
vulnerable: v0.1.0-alpha ... v2.4.1 (56 versions)
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain a…
- CVE-2021-39173 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.5.1 | 2021-08-27
vulnerable: v0.1.0-alpha ... v2.4.1 (56 versions)
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. Th…
- CVE-2021-39174 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.5.1 | 2021-08-28
vulnerable: v0.1.0-alpha ... v2.4.1 (56 versions)
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_K…
- CVE-2023-43661 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.4 | 2023-10-11
vulnerable: v0.1.0-alpha ... v2.3.9 (54 versions)
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb04…