Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Getgrav
Getgrav grav |
|
| Vendors & Products |
Getgrav
Getgrav grav |
Fri, 10 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, or directory depth. This issue is fixed in version 2.0.0. | |
| Title | Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip() | |
| Weaknesses | CWE-409 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-10T19:04:53.166Z
Reserved: 2026-07-02T19:53:48.831Z
Link: CVE-2026-59193
Updated: 2026-07-10T19:04:24.745Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T18:30:16Z