VYPR

Packagist (Composer) package

code16/sharp

pkg:composer/code16/sharp

Vulnerabilities (5)

  • CVE-2026-44692HigJun 10, 2026
    affected < 9.22.0fixed 9.22.0

    Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. B

  • CVE-2026-33687HigMar 26, 2026
    affected < 9.20.0fixed 9.20.0

    Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 contain a vulnerability in the file upload endpoint that allows authenticated users to bypass all file type restrictions. The upload endpoint within the `ApiFormUploadController` acce

  • CVE-2026-33686HigMar 26, 2026
    affected < 9.20.0fixed 9.20.0

    Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be passed into the storage layer. I

  • CVE-2025-62798MedOct 28, 2025
    affected < 9.11.1fixed 9.11.1

    Sharp is a content management framework built for Laravel as a package. Prior to 9.11.1, a Cross-Site Scripting (XSS) vulnerability was discovered in code16/sharp when rendering content using the SharpShowTextField component. In affected versions, expressions wrapped in {{ & }} w

  • CVE-2025-61457MedOct 21, 2025
    affected < 9.7.0fixed 9.7.0

    code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Form/Fields/SharpFormUploadField.php.