GHSA-44m4-9cjp-j587

Source
https://github.com/advisories/GHSA-44m4-9cjp-j587
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-44m4-9cjp-j587/GHSA-44m4-9cjp-j587.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-44m4-9cjp-j587
Published
2022-01-21T23:24:14Z
Modified
2024-12-04T05:42:04.230003Z
Summary
IBX-1392: Image filenames sanitization
Details

ezsystems/ezpublish-kernel versions 7.5.* before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-19T16:14:58Z"
}
References

Affected packages

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.5.0
Fixed
7.5.26

Affected versions

v7.*

v7.5.0
v7.5.1
v7.5.2
v7.5.3
v7.5.4
v7.5.5
v7.5.6-rc1
v7.5.6
v7.5.6.2
v7.5.7-rc1
v7.5.7
v7.5.7.1
v7.5.8
v7.5.9
v7.5.9.1
v7.5.10
v7.5.11
v7.5.12
v7.5.13
v7.5.14
v7.5.15
v7.5.15.1
v7.5.15.2
v7.5.16
v7.5.17
v7.5.18
v7.5.19
v7.5.20
v7.5.21
v7.5.22
v7.5.23
v7.5.24
v7.5.25