cedric-anne/glpi

composer audit failed

github-actions opened this issue · 0 comments

github-actions commented 
# composer audit report

Info from https://repo.packagist.org: #StandWithUkraine
Found 4 security vulnerability advisories affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpmailer/phpmailer                                                              |
| CVE               | CVE-2021-34551                                                                   |
| Title             | RCE affecting Windows hosts via UNC paths to translation files                   |
| URL               | https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0                       |
| Affected versions | <6.5.0                                                                           |
| Reported at       | 2021-06-16T16:20:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpmailer/phpmailer                                                              |
| CVE               | CVE-2021-3603                                                                    |
| Title             | Untrusted code may be run from an overridden address validator                   |
| URL               | https://github.com/PHPMailer/PHPMailer/releases/tag/v6.5.0                       |
| Affected versions | <6.5.0                                                                           |
| Reported at       | 2021-06-16T16:20:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpmailer/phpmailer                                                              |
| CVE               | CVE-2020-13625                                                                   |
| Title             | Insufficient output escaping of attachment names in PHPMailer                    |
| URL               | https://github.com/advisories/GHSA-f7hx-fqxw-rvvj                                |
| Affected versions | <6.1.6                                                                           |
| Reported at       | 2020-05-27T16:37:02+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpmailer/phpmailer                                                              |
| CVE               | CVE-2018-19296                                                                   |
| Title             | Object injection                                                                 |
| URL               | https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6                       |
| Affected versions | >=5.0.0,<5.2.27|>=6.0.0,<6.0.6                                                   |
| Reported at       | 2017-07-26T00:41:32+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+