4jean / lav_sms

Laravel School Management System (LAVSMS)
MIT License
768 stars 475 forks

Composer Audit #60

Open AiFxApp opened 1 year ago

AiFxApp commented 1 year ago

Just sharing what I find in hopes that it will assist.

Found 5 security vulnerability advisories affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2023-23924                                                                   |
| Title             | Dompdf vulnerable to URI validation failure on SVG parsing                       |
| URL               | https://github.com/advisories/GHSA-3cw5-7cxw-v5qg                                |
| Affected versions | <2.0.2                                                                           |
| Reported at       | 2023-02-01T01:37:56+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-41343                                                                   |
| Title             | Remote file inclusion                                                            |
| URL               | https://github.com/advisories/GHSA-6x28-7h8c-chx4                                |
| Affected versions | <2.0.1                                                                           |
| Reported at       | 2022-09-22T13:54:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-2400                                                                    |
| Title             | Dompdf before v2.0.0 vulnerable to chroot check bypass                           |
| URL               | https://github.com/advisories/GHSA-5qj8-6xxj-hp9h                                |
| Affected versions | <2.0.0                                                                           |
| Reported at       | 2022-07-19T00:00:26+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-0085                                                                    |
| Title             | Server-Side Request Forgery in dompdf/dompdf                                     |
| URL               | https://github.com/advisories/GHSA-pf6p-25r2-fx45                                |
| Affected versions | <2.0.0                                                                           |
| Reported at       | 2022-06-23T13:55:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-28368                                                                   |
| Title             | Remote code injection via remote fonts                                           |
| URL               | https://github.com/advisories/GHSA-x752-qjv4-c4hc                                |
| Affected versions | <1.2.1                                                                           |
| Reported at       | 2022-03-24T13:59:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

AiFxApp commented 1 year ago

and...

Configuration cache cleared!
Configuration cached successfully!
Route cache cleared!

   LogicException 

  Unable to prepare route [home] for serialization. Another route has already been assigned name [home].

  at C:\lav_sms-master\vendor\laravel\framework\src\Illuminate\Routing\AbstractRouteCollection.php:218
    214▕             $route->name($name = $this->generateRouteName());
    215▕
    216▕             $this->add($route);
    217▕         } elseif (! is_null($symfonyRoutes->get($name))) {
  ➜ 218▕             throw new LogicException("Unable to prepare route [{$route->uri}] for serialization. Another route has already been assigned name [{$name}].");
    219▕         }
    220▕
    221▕         $symfonyRoutes->add($route->getName(), $route->toSymfonyRoute());
    222▕

  1   C:\lav_sms-master\vendor\laravel\framework\src\Illuminate\Routing\AbstractRouteCollection.php:179
      Illuminate\Routing\AbstractRouteCollection::addToSymfonyRoutesCollection(Object(Symfony\Component\Routing\RouteCollection), Object(Illuminate\Routing\Route))

  2   C:\lav_sms-master\vendor\laravel\framework\src\Illuminate\Routing\RouteCollection.php:246
      Illuminate\Routing\AbstractRouteCollection::toSymfonyRouteCollection()