Packagist (Composer) package
verbb/knock-knock
pkg:composer/verbb/knock-knock
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-13485 | — | < 1.2.8 | 1.2.8 | May 25, 2020 | The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | ||
| CVE-2020-13486 | — | < 1.2.8 | 1.2.8 | May 25, 2020 | The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. |
- CVE-2020-13485May 25, 2020affected < 1.2.8fixed 1.2.8
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
- CVE-2020-13486May 25, 2020affected < 1.2.8fixed 1.2.8
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.