PHP/sulu/sulu/2.0.0-alpha6
Core framework that implements the functionality of the Sulu content management system
https://packagist.org/packages/sulu/sulu
MIT
1 Security Vulnerabilities
GHSA-6h7h-m7p5-hjqp
Published date: 2026-03-30T18:04:10Z
CVE: CVE-2026-34372
Sulu checks fix permissions for subentities endpoints
Impact
A user who has permission for the Sulu Admin via at least one role could access the subentities of contacts via the admin API without even having permission for contacts.
Patches
The issue was patched in releases 2.6.22 and 3.0.5.
Workarounds
Create a Symfony request listener that checks the permissions for the specific roles.
Resources
Github Advisory: https://github.com/sulu/sulu/security/advisories/GHSA-6h7h-m7p5-hjqp
Affected versions: ["3.0.4", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.6.21", "2.6.20", "2.6.19", "2.6.18", "2.6.17", "2.6.16", "2.6.15", "2.6.14", "2.6.13", "2.6.12", "2.6.11", "2.6.10", "2.6.9", "2.6.8", "2.6.7", "2.6.6", "2.6.5", "2.6.4", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "2.6.0-RC2", "2.6.0-RC1", "2.5.33", "2.5.32", "2.5.31", "2.5.30", "2.5.29", "2.5.28", "2.5.27", "2.5.26", "2.5.25", "2.5.24", "2.5.23", "2.5.22", "2.5.21", "2.5.20", "2.5.19", "2.5.18", "2.5.17", "2.5.16", "2.5.15", "2.5.14", "2.5.13", "2.5.12", "2.5.11", "2.5.10", "2.5.9", "2.5.8", "2.5.7", "2.5.6", "2.5.5", "2.5.4", "2.5.3", "2.5.2", "2.5.1", "2.5.0", "2.5.0-alpha1", "2.4.20", "2.4.19", "2.4.18", "2.4.17", "2.4.16", "2.4.15", "2.4.14", "2.4.13", "2.4.12", "2.4.11", "2.4.10", "2.4.9", "2.4.8", "2.4.7", "2.4.6", "2.4.5", "2.4.4", "2.4.3", "2.4.2", "2.4.1", "2.4.0", "2.4.0-RC1", "2.3.13", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.8", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.3.1", "2.3.0", "2.3.0-RC2", "2.3.0-RC1", "2.2.19", "2.2.18", "2.2.17", "2.2.16", "2.2.15", "2.2.14", "2.2.13", "2.2.12", "2.2.11", "2.2.10", "2.2.9", "2.2.8", "2.2.7", "2.2.6", "2.2.5", "2.2.4", "2.2.3", "2.2.2", "2.2.1", "2.2.0", "2.2.0-RC1", "2.1.14", "2.1.13", "2.1.12", "2.1.11", "2.1.10", "2.1.9", "2.1.8", "2.1.7", "2.1.6", "2.1.5", "2.1.4", "2.1.3", "2.1.2", "2.1.1", "2.1.0", "2.1.0-RC2", "2.1.0-RC1", "2.0.12", "2.0.11", "2.0.10", "2.0.9", "2.0.8", "2.0.7", "2.0.6", "2.0.5", "2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0-RC3", "2.0.0-RC2", "2.0.0-RC1", "2.0.0-alpha6", "2.0.0-alpha5", "2.0.0-alpha4", "2.0.0-alpha3", "2.0.0-alpha2", "2.0.0-alpha1", "1.6.46", "1.6.45", "1.6.44", "1.6.43", "1.6.42", "1.6.41", "1.6.40", "1.6.39", "1.6.38", "1.6.37", "1.6.36", "1.6.35", "1.6.34", "1.6.33", "1.6.32", "1.6.31", "1.6.30", "1.6.29", "1.6.28", "1.6.27", "1.6.26", "1.6.25", "1.6.24", "1.6.23", "1.6.22", "1.6.21", "1.6.20", "1.6.19", "1.6.18", "1.6.17", "1.6.16", "1.6.15", "1.6.14", "1.6.13", "1.6.12", "1.6.11", 
"1.6.10", "1.6.9", "1.6.8", "1.6.7", "1.6.6", "1.6.5", "1.6.4", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.6.0-RC1", "1.5.24", "1.5.23", "1.5.22", "1.5.21", "1.5.20", "1.5.19", "1.5.18", "1.5.17", "1.5.16", "1.5.15", "1.5.14", "1.5.13", "1.5.12", "1.5.11", "1.5.10", "1.5.9", "1.5.8", "1.5.7", "1.5.6", "1.5.5", "1.5.4", "1.5.3", "1.5.2", "1.5.1", "1.5.0", "1.5.0-RC3", "1.5.0-RC2", "1.5.0-RC1", "1.4.12", "1.4.11", "1.4.10", "1.4.9", "1.4.8", "1.4.7", "1.4.6", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.4.0-RC2", "1.4.0-RC1", "1.3.11", "1.3.10", "1.3.9", "1.3.8", "1.3.7", "1.3.6", "1.3.5", "1.3.4", "1.3.3", "1.3.2", "1.3.1", "1.3.0", "1.3.0-RC3", "1.3.0-RC2", "1.3.0-RC1", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.2.0-RC4", "1.2.0-RC3", "1.2.0-RC2", "1.2.0-RC1", "1.1.12", "1.1.11", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.1.0-RC2", "1.1.0-RC1", "1.1.0-beta1", "1.0.15", "1.0.14", "1.0.13", "1.0.12", "1.0.11", "1.0.10", "1.0.9", "1.0.8", "1.0.7", "1.0.6", "1.0.5", "1.0.4", "1.0.3", "1.0.2", "1.0.1", "1.0.0"]
Secure versions: [2.6.22, 3.0.0-RC1, 3.0.0-RC2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-alpha5, 3.0.0-beta1, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.0.5]
Recommendation: Update to version 3.0.5.
381 Other Versions
| Version | License | Security | Released | Age |
|---|---|---|---|---|
| 1.5.0-RC1 | MIT | 5 | 2017-02-13 - 13:29 | about 9 years |
| 1.4.12 | MIT | 5 | 2017-04-06 - 15:49 | about 9 years |
| 1.4.11 | MIT | 5 | 2017-03-22 - 14:47 | about 9 years |
| 1.4.10 | MIT | 5 | 2017-03-15 - 17:01 | about 9 years |
| 1.4.9 | MIT | 5 | 2017-03-06 - 08:06 | about 9 years |
| 1.4.8 | MIT | 5 | 2017-02-28 - 08:30 | about 9 years |
| 1.4.7 | MIT | 5 | 2017-02-13 - 08:36 | about 9 years |
| 1.4.6 | MIT | 5 | 2017-02-03 - 12:23 | about 9 years |
| 1.4.5 | MIT | 5 | 2017-01-16 - 10:52 | over 9 years |
| 1.4.4 | MIT | 5 | 2017-01-12 - 16:48 | over 9 years |
| 1.4.3 | MIT | 5 | 2016-12-21 - 16:36 | over 9 years |
| 1.4.2 | MIT | 5 | 2016-11-24 - 12:31 | over 9 years |
| 1.4.1 | MIT | 5 | 2016-11-11 - 12:48 | over 9 years |
| 1.4.0 | MIT | 5 | 2016-11-10 - 15:04 | over 9 years |
| 1.4.0-RC2 | MIT | 5 | 2016-11-03 - 08:57 | over 9 years |
| 1.4.0-RC1 | MIT | 5 | 2016-10-06 - 08:00 | over 9 years |
| 1.3.11 | MIT | 5 | 2017-03-06 - 07:17 | about 9 years |
| 1.3.10 | MIT | 5 | 2017-02-28 - 07:11 | about 9 years |
| 1.3.9 | MIT | 5 | 2017-02-03 - 09:37 | about 9 years |
| 1.3.8 | MIT | 5 | 2017-01-30 - 12:25 | about 9 years |
| 1.3.7 | MIT | 5 | 2017-01-12 - 15:49 | over 9 years |
| 1.3.6 | MIT | 5 | 2017-01-10 - 14:20 | over 9 years |
| 1.3.5 | MIT | 5 | 2016-11-24 - 10:49 | over 9 years |
| 1.3.4 | MIT | 5 | 2016-11-14 - 13:06 | over 9 years |
| 1.3.3 | MIT | 5 | 2016-11-10 - 08:31 | over 9 years |
| 1.3.2 | MIT | 5 | 2016-11-03 - 08:29 | over 9 years |
| 1.3.1 | MIT | 5 | 2016-09-15 - 14:26 | over 9 years |
| 1.3.0 | MIT | 5 | 2016-08-11 - 09:24 | over 9 years |
| 1.3.0-RC3 | MIT | 5 | 2016-08-08 - 07:47 | over 9 years |
| 1.3.0-RC2 | MIT | 5 | 2016-07-28 - 15:30 | over 9 years |
| 1.3.0-RC1 | MIT | 5 | 2016-07-22 - 08:32 | almost 10 years |
| 1.2.9 | MIT | 5 | 2016-11-07 - 13:40 | over 9 years |
| 1.2.8 | MIT | 5 | 2016-10-03 - 08:36 | over 9 years |
| 1.2.7 | MIT | 5 | 2016-07-18 - 12:38 | almost 10 years |
| 1.2.6 | MIT | 5 | 2016-07-05 - 15:25 | almost 10 years |
| 1.2.5 | MIT | 5 | 2016-06-30 - 12:53 | almost 10 years |
| 1.2.4 | MIT | 5 | 2016-06-28 - 15:40 | almost 10 years |
| 1.2.3 | MIT | 5 | 2016-06-01 - 13:17 | almost 10 years |
| 1.2.2 | MIT | 5 | 2016-05-10 - 07:53 | almost 10 years |
| 1.2.1 | MIT | 5 | 2016-04-27 - 09:34 | almost 10 years |
| 1.2.0 | MIT | 5 | 2016-04-12 - 06:59 | about 10 years |
| 1.2.0-RC4 | MIT | 5 | 2016-04-04 - 16:45 | about 10 years |
| 1.2.0-RC3 | MIT | 5 | 2016-03-29 - 15:34 | about 10 years |
| 1.2.0-RC2 | MIT | 5 | 2016-03-24 - 16:46 | about 10 years |
| 1.2.0-RC1 | MIT | 5 | 2016-03-18 - 19:16 | about 10 years |
| 1.1.12 | MIT | 5 | 2016-04-26 - 15:26 | almost 10 years |
| 1.1.11 | MIT | 5 | 2016-04-04 - 13:00 | about 10 years |
| 1.1.10 | MIT | 5 | 2016-03-07 - 09:35 | about 10 years |
| 1.1.9 | MIT | 5 | 2016-02-05 - 08:53 | about 10 years |
| 1.1.8 | MIT | 5 | 2016-02-01 - 07:25 | about 10 years |
