verbb/knock-knock
Packagist
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting verbb/knock-knock
- CVE-2020-13485 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.2.8 | 2020-05-25
vulnerable: 1.0.0 ... 1.2.7 (18 versions)
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
- CVE-2020-13486 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.8 | 2020-05-25
vulnerable: 1.0.0 ... 1.2.7 (18 versions)
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.