GHSA-2rh5-jvgx-pgw3

Source
https://github.com/advisories/GHSA-2rh5-jvgx-pgw3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-2rh5-jvgx-pgw3/GHSA-2rh5-jvgx-pgw3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2rh5-jvgx-pgw3
Published
2021-09-14T20:25:13Z
Modified
2024-12-02T05:44:17.453978Z
Summary
Any storage file can be downloaded from p.sh if full server path is known
Details

The default configuration for platform.sh (.platform.app.yaml) allows access to uploaded files if you know or can guess their location, regardless of whether the user's roles grant read access to the content items those files belong to. If you're using Legacy Bridge, the default configuration also allows access to certain legacy files that should not be readable, including the legacy var directory and the extension directories.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-14T18:35:38Z"
}
References

Affected packages

Packagist / ezsystems/ezplatform

Package

Name
ezsystems/ezplatform
Purl
pkg:composer/ezsystems/ezplatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.5.24.1

Affected versions

v2.*

v2.0.0
v2.0.0.1
v2.0.0.2
v2.0.1
v2.0.2-rc1
v2.0.2
v2.1.0-beta1
v2.1.0-rc1
v2.1.0
v2.1.1-rc1
v2.1.1
v2.2.0-beta1
v2.2.0-rc1
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.3.1
v2.3.0-beta1
v2.3.0-rc1
v2.3.0-rc2
v2.3.0
v2.3.1
v2.3.2
v2.3.2.1
v2.3.2.2
v2.4.0-beta1
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2-rc1
v2.4.2
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-rc1
v2.5.0-rc2
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7-rc1
v2.5.7
v2.5.8-rc1
v2.5.8
v2.5.9-rc1
v2.5.9-rc2
v2.5.9
v2.5.10
v2.5.11
v2.5.12
v2.5.13
v2.5.14
v2.5.15
v2.5.16
v2.5.17
v2.5.18
v2.5.19
v2.5.20
v2.5.21
v2.5.22
v2.5.23
v2.5.24

Database specific

{
    "last_known_affected_version_range": "<= 2.5.24"
}

Packagist / ezsystems/ezplatform

Package

Name
ezsystems/ezplatform
Purl
pkg:composer/ezsystems/ezplatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.13.6.1

Affected versions

v0.*

v0.5.0
v0.5.1
v0.7.0
v0.9.0
v0.9.1
v0.9.1.1
v0.9.2
v0.11.0

v1.*

v1.0.0-beta1
v1.0.0-beta2
v1.0.0-beta3
v1.0.0-beta4
v1.0.0-beta5
v1.0.0-beta6
v1.0.0-beta7
v1.0.0-beta8
v1.0.0-beta9
v1.0.0-beta10
v1.0.0-rc1
v1.0.0
v1.0.1
v1.1.0-rc1
v1.1.0-rc2
v1.1.0-rc3
v1.1.0
v1.2.0-rc2
v1.2.0-rc3
v1.2.0-rc4
v1.2.0-rc5
v1.2.0
v1.3.0-beta1
v1.3.0-rc1
v1.3.0-rc2
v1.3.0
v1.3.1-rc1
v1.3.1
v1.3.2-rc1
v1.3.2
v1.3.3-rc1
v1.3.3
v1.4.0-beta1
v1.4.0-rc1
v1.4.0
v1.4.1-rc1
v1.4.1-rc2
v1.4.1
v1.4.2-rc1
v1.4.2-rc2
v1.4.2-rc3
v1.4.2
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-rc1
v1.5.0-rc2
v1.5.0
v1.5.1-rc1
v1.5.1
v1.5.2-rc1
v1.5.2
v1.6.0-alpha1
v1.6.0-beta1
v1.6.0-rc1
v1.6.0
v1.6.0.1
v1.6.1-rc1
v1.6.1
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.7.0-rc1
v1.7.0
v1.7.1-rc1
v1.7.2-rc1
v1.7.2-rc2
v1.7.2
v1.7.3-rc1
v1.7.3-rc2
v1.7.3
v1.7.4-rc1
v1.7.4
v1.7.5-rc1
v1.7.5-rc2
v1.7.5
v1.7.6-rc1
v1.7.6
v1.7.7-rc1
v1.7.7-rc2
v1.7.7
v1.7.8-rc1
v1.7.8-rc2
v1.7.8
v1.7.8.1
v1.7.9-rc1
v1.7.9
v1.7.9.1
v1.8.0-beta1
v1.8.0-rc1
v1.8.0
v1.8.1-rc1
v1.8.1
v1.9.0-beta1
v1.9.0-beta2
v1.9.0-rc1
v1.9.0
v1.9.1-rc1
v1.9.1
v1.10.0-beta1
v1.10.0-beta2
v1.10.0-beta3
v1.10.0-rc1
v1.10.0-rc2
v1.10.0
v1.10.1-rc1
v1.10.1
v1.11.0-beta1
v1.11.0-rc1
v1.11.0
v1.11.0.1
v1.12.0-beta1
v1.12.0-beta2
v1.12.0-rc1
v1.12.0
v1.12.1-rc1
v1.12.1
v1.12.1.1
v1.12.2
v1.13.0-beta1
v1.13.0-beta2
v1.13.0-rc1
v1.13.0
v1.13.1-rc1
v1.13.1
v1.13.1.1
v1.13.2-rc1
v1.13.2
v1.13.3-rc1
v1.13.3
v1.13.4-beta1
v1.13.4-rc1
v1.13.4-rc2
v1.13.4
v1.13.4.1
v1.13.5-rc1
v1.13.5-rc2
v1.13.5
v1.13.5.1
v1.13.5.2
v1.13.6-rc1
v1.13.6

1.*

1.2.0-rc6
1.2.0-rc7
1.9.1-rc2

Database specific

{
    "last_known_affected_version_range": "<= 1.13.6"
}