CVE-2024-35191

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-35191

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35191.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-35191

Aliases

GHSA-v45m-hxqp-fwf5

Published

2024-05-20T21:15:09Z

Modified

2024-10-08T04:14:00.119204Z

Summary

[none]

Details

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1.6.

References

Affected packages

Git / github.com/verbb/formie

Affected ranges

Type: GIT
Repo: https://github.com/verbb/formie
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

90296edf7e707f117e760aa57e70dbd43a854420

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.9.1

1.1.0

1.1.1

1.1.1.1

1.1.2

1.1.3

1.1.4

1.1.4.1

1.1.5

1.1.6

1.1.7

1.1.8

1.2.0

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.17

1.2.18

1.2.19

1.2.2

1.2.20

1.2.21

1.2.22

1.2.23

1.2.23.1

1.2.24

1.2.25

1.2.26

1.2.27

1.2.28

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.7.1

1.2.8

1.2.9

1.3.0

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.14

1.3.15

1.3.16

1.3.16.1

1.3.17

1.3.18

1.3.19

1.3.19.1

1.3.2

1.3.20

1.3.21

1.3.22

1.3.23

1.3.24

1.3.25

1.3.26

1.3.27

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4.0

1.4.0.1

1.4.1

1.4.10

1.4.11

1.4.12

1.4.13

1.4.14

1.4.15

1.4.16

1.4.17

1.4.18

1.4.19

1.4.2

1.4.20

1.4.21

1.4.21.1

1.4.22

1.4.23

1.4.24

1.4.25

1.4.26

1.4.27

1.4.28

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.1

1.5.10

1.5.11

1.5.12

1.5.13

1.5.13.1

1.5.13.2

1.5.14

1.5.15

1.5.16

1.5.17

1.5.18

1.5.19

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.1

1.6.10

1.6.11

1.6.12

1.6.13

1.6.14

1.6.15

1.6.16

1.6.17

1.6.18

1.6.19

1.6.2

1.6.20

1.6.21

1.6.22

1.6.23

1.6.24

1.6.25

1.6.26

1.6.27

1.6.28

1.6.29

1.6.3

1.6.30

1.6.31

1.6.32

1.6.33

1.6.34

1.6.35

1.6.36

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

2.*

2.0.0

2.0.0-beta.1

2.0.0-beta.10

2.0.0-beta.11

2.0.0-beta.12

2.0.0-beta.13

2.0.0-beta.14

2.0.0-beta.15

2.0.0-beta.16

2.0.0-beta.2

2.0.0-beta.3

2.0.0-beta.4

2.0.0-beta.5

2.0.0-beta.6

2.0.0-beta.7

2.0.0-beta.8

2.0.0-beta.9

2.0.1

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.2

2.0.20

2.0.21

2.0.22

2.0.23

2.0.23.1

2.0.24

2.0.25

2.0.25.1

2.0.26

2.0.27

2.0.27.1

2.0.28

2.0.29

2.0.3

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.34.1

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.4

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.44.1

2.0.45

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5