PyPI package
inventree
pkg:pypi/inventree
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3355 | Med | 5.4 | < 0.8.3 | 0.8.3 | Sep 29, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | |
| CVE-2022-2112 | Hig | 8.8 | < 0.7.2 | 0.7.2 | Jun 17, 2022 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | |
| CVE-2022-2111 | Hig | 8.8 | < 0.7.2 | 0.7.2 | Jun 17, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. |
- affected < 0.8.3fixed 0.8.3
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
- affected < 0.7.2fixed 0.7.2
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
- affected < 0.7.2fixed 0.7.2
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.