CVE-2023-43661
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtr…
All CVEs associated with "Cachet" (5 CVEs).
A curated feed of “Cachet”-related CVEs appears below. We currently track 5 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 8.7 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-75 - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection), CWE-704 - Incorrect Type Conversion or Cast.
In our taxonomy this topic maps to a LOW impact class. Logging and monitoring stacks may expose dashboards or collectors. Patch services, enforce auth and TLS, restrict admin endpoints, rotate tokens, and review data retention.
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 2.4 | | 2.4.1 | - | |
| 2.3 | | 2.3.18 | Expired | |
| 2.2 | | 2.2.4 | Expired | |
| 2.1 | | 2.1.2 | Expired | |
| 2.0 | | 2.0.4 | Expired | |
| 1.2 | | 1.2.1 | Expired | |
| 1.1 | | 1.1.1 | Expired | |
| 1.0 | | 1.0.0 | Expired | |
CVEs tagged with this topic:
Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtr…
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv f…
Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to ar…
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition…
Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize…