Vulnerabilities > Casbin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-20 | CVE-2024-41657 | Incorrect Comparison vulnerability in Casbin Casdoor Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 8.8 |
2024-08-20 | CVE-2024-41658 | Cross-site Scripting vulnerability in Casbin Casdoor Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. | 6.1 |
2024-08-01 | CVE-2024-41264 | Improper Certificate Validation vulnerability in Casbin Casdoor 1.636.0 An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. | 7.5 |
2023-06-22 | CVE-2023-34927 | Cross-Site Request Forgery (CSRF) vulnerability in Casbin Casdoor Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. | 6.5 |
2022-12-07 | CVE-2022-44942 | Path Traversal vulnerability in Casbin Casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | 8.1 |
2022-09-09 | CVE-2022-38638 | Path Traversal vulnerability in Casbin Casdoor 1.97.3 Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | 9.1 |
2022-01-29 | CVE-2022-24124 | SQL Injection vulnerability in Casbin Casdoor The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | 7.5 |