wintercms/winter

Packagist3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting wintercms/winterpage 1 of 1

CVE-2022-39357HIGHCVSS 8.1EG 8.1✓ Fixed in 1.2.1
2022-10-26
vulnerable: v1.2.0
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin …
CVE-2023-37269LOWCVSS 2.0EG 2.0✓ Fixed in 1.2.3
2023-07-07
vulnerable: v1.0.319 ... v1.2.2 (171 versions)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not san…
CVE-2024-29686HIGHCVSS 7.2EG 8.8
2024-03-29
vulnerable: v1.0.319 ... v1.2.3 (172 versions)
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the pay…

Check whether wintercms/winter is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for wintercms/winter CVEs against the assets you own.

Start Free Scan →