VYPR

Packagist (Composer) package

markhuot/craftql

pkg:composer/markhuot/craftql

Vulnerabilities (1)

  • CVE-2026-31317HigApr 17, 2026
    affected <= 1.3.7

    Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file