CVE-2024-36119

Summary

Password confirmation stored in plain text via registration form in statamic/cms

Severity

low

EPSS

0.1% (p3)

Also known as

GHSA-qvpj-w7xj-r6w9

Published

2024-06-02

References

• https://github.com/statamic/cms/security/advisories/GHSA-qvpj-w7xj-r6w9
• https://nvd.nist.gov/vuln/detail/CVE-2024-36119
• https://github.com/statamic/cms/commit/0b804306c96c99b81755d5bd02df87ddf392853e

Related advisories

• CVE-2026-27593 — critical · Packagist/statamic/cms
• CVE-2026-41175 — high · Packagist/statamic/cms
• CVE-2026-33172 — high · Packagist/statamic/cms
• CVE-2026-28426 — high · Packagist/statamic/cms
• CVE-2026-28425 — high · Packagist/statamic/cms
• CVE-2026-27939 — high · Packagist/statamic/cms
• CVE-2026-27196 — high · Packagist/statamic/cms
• CVE-2026-25759 — high · Packagist/statamic/cms

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity