VYPR

Packagist (Composer) package

snipe/snipe-it

pkg:composer/snipe/snipe-it

Vulnerabilities (46)

  • CVE-2022-2997Aug 25, 2022
    affected < 6.0.10fixed 6.0.10

    Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

  • CVE-2022-32061Jul 7, 2022
    affected <= 6.0.2

    An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2022-32060Jul 7, 2022
    affected <= 6.0.2

    An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2022-23064May 2, 2022
    affected >= 3.0-alpha, < 5.4.0fixed 5.4.0

    In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus lea

  • CVE-2022-1511Apr 28, 2022
    affected < 5.4.4fixed 5.4.4

    Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.

  • CVE-2022-1445Apr 24, 2022
    affected < 5.4.3fixed 5.4.3

    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.

  • CVE-2022-1380Apr 16, 2022
    affected < 5.4.3fixed 5.4.3

    Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.

  • CVE-2022-1155Mar 30, 2022
    affected >= 6.0.0-RC-1, < 6.0.0-RC-6fixed 6.0.0-RC-6

    Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.

  • CVE-2022-0622Feb 17, 2022
    affected < 5.3.11fixed 5.3.11

    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.

  • CVE-2022-0611Feb 15, 2022
    affected < 5.3.11fixed 5.3.11

    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

  • CVE-2022-0579Feb 14, 2022
    affected < 5.3.9fixed 5.3.9

    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.

  • CVE-2022-0569Feb 12, 2022
    affected < 5.3.10fixed 5.3.10

    Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

  • CVE-2022-0178Jan 13, 2022
    affected < 5.3.8fixed 5.3.8

    Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

  • CVE-2022-0179Jan 12, 2022
    affected < 5.3.7fixed 5.3.7

    snipe-it is vulnerable to Missing Authorization

  • CVE-2021-4130Dec 18, 2021
    affected < 5.3.6fixed 5.3.6

    snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4108Dec 14, 2021
    affected < 5.3.5fixed 5.3.5

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2021-4089Dec 10, 2021
    affected < 5.3.4fixed 5.3.4

    snipe-it is vulnerable to Improper Access Control

  • CVE-2021-4075Dec 6, 2021
    affected < 6.0.0-GMfixed 6.0.0-GM

    snipe-it is vulnerable to Server-Side Request Forgery (SSRF)

  • CVE-2021-4018Dec 1, 2021
    affected < 5.3.3fixed 5.3.3

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2021-3961Nov 19, 2021
    affected < 5.3.2fixed 5.3.2

    snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Page 2 of 3