craterapp CVE 脆弱性と CVE 一覧（9）

製品（CPE）: — CVE 件数: 9

craterapp 脆弱性概要

craterapp 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting and vendor risk csrf があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2023-46865	/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.	[email protected]	7.2	20.32%	2023-10-30	2024-11-21
CVE-2022-1032	Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.	[email protected]	7.2	1.58%	2022-03-29	2024-11-21
CVE-2022-1033	Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.	[email protected]	7.8	0.91%	2022-03-23	2024-11-21
CVE-2022-0515	Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.	[email protected]	4.3	0.42%	2022-03-21	2024-11-21
CVE-2022-0514	Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.	[email protected]	6.5	0.94%	2022-03-21	2024-11-21
CVE-2022-0372	Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2.	[email protected]	5.4	0.60%	2022-01-27	2024-11-21
CVE-2022-0203	Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.	[email protected]	5.3	1.19%	2022-01-26	2024-11-21
CVE-2022-0242	Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.	[email protected]	7.2	1.41%	2022-01-17	2024-11-21
CVE-2021-4080	crater is vulnerable to Unrestricted Upload of File with Dangerous Type	[email protected]	8.8	1.47%	2022-01-12	2024-11-21

cvelogic Threat Intelligence