CVE-2019-19909

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19909
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19909.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19909
Published
2019-12-19T19:15:14Z
Modified
2024-09-03T02:33:21.431179Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in Public Knowledge Project (PKP) pkp-lib before 3.1.2-2, as used in Open Journal Systems (OJS) before 3.1.2-2. Code injection can occur in the OJS report generator if an authenticated Journal Manager user visits a crafted URL, because unserialize is used.

References

Affected packages

Git / github.com/pkp/ojs

Affected ranges

Type
GIT
Repo
https://github.com/pkp/ojs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

3_1_2-0
3_1_2-1
ojs-2_0_0-0
ojs-2_0_1-0
ojs-2_0_2-0
ojs-2_0_2-1
ojs-2_1_0-0
ojs-2_1_0-1
ojs-2_1_1-0
ojs-2_1_1rc4
ojs-2_1b
ojs-2_2_0-0
ojs-2_2_0-b1
ojs-2_2_0-b2
ojs-2_2_1-0
ojs-2_2_1-b1
ojs-2_3_0-0
ojs-2_3_0-0rc1
ojs-2_3_1-0
ojs-2_3_1-1
ojs-2_3_1-2
ojs-2_3_3-0
ojs-2_3_3-1
ojs-2_4_0-0
ojs-3_0a1
ojs-3_0b1
ojs-3_1_2-0
ojs-3_1_2-1
ojs2-base-2_2_2