thecontrolgroup 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥 などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-55417 | DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. | [email protected] | 4.3 | 17.76% | 2025-01-30 | 2025-05-23 |
| CVE-2024-55416 | DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. | [email protected] | 3.5 | 1.30% | 2025-01-30 | 2025-05-23 |
| CVE-2024-55415 | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. | [email protected] | 5.7 | 63.78% | 2025-01-30 | 2025-05-23 |
| CVE-2020-36070 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | [email protected] | 9.8 | 1.73% | 2023-04-26 | 2025-02-03 |
| CVE-2019-17050 | An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. | [email protected] | 7.2 | 0.68% | 2019-09-30 | 2024-11-21 |