Vulnerabilities > Octopus > Octopus Server > 3.12.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-2778 | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | 9.8 |
| 2017-07-17 | CVE-2017-11348 | Path Traversal vulnerability in Octopus Deploy and Octopus Server In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. | 6.3 |