SonicJs-Org/sonicjs

GitHub

github.com

sonicjs.com

Releases56

Frequency1 month 1 week

Last Release 16 days ago

Stars1.59K

SonicJS - The edge-native headless CMS for Cloudflare Workers. Sub-100ms response times, zero cold starts, TypeScript-first. Built on D1, R2, and Hono.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-33690 ↗	Jun 5, 2023Monday, 5 June 2023, 16:15	6.5 MEDIUM	—
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS.
CVE-2022-42002 ↗	Oct 1, 2022Saturday, 1 October 2022, 00:15	9.1 CRITICAL	—
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.