GHSA-39j2-4p9j-5w4j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-39j2-4p9j-5w4j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-39j2-4p9j-5w4j/GHSA-39j2-4p9j-5w4j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-39j2-4p9j-5w4j
- Published
- 2024-05-15T21:32:29Z
- Modified
- 2024-11-29T05:26:35.611726Z
- Summary
- Ez Platform Object Injection in legacy shop module
- Details
-
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, that's why it was classified as Medium severity.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-94" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-15T21:32:29Z" }- References
Affected packages
Packagist / ezsystems/ezpublish-legacy
Package
- Name
- ezsystems/ezpublish-legacy
- Purl
- pkg:composer/ezsystems/ezpublish-legacy
Packagist / ezsystems/ezpublish-legacy
Package
- Name
- ezsystems/ezpublish-legacy
- Purl
- pkg:composer/ezsystems/ezpublish-legacy
Packagist / ezsystems/ezpublish-legacy
Package
- Name
- ezsystems/ezpublish-legacy
- Purl
- pkg:composer/ezsystems/ezpublish-legacy