GHSA-79m3-q3wh-c3qm

Source

https://github.com/advisories/GHSA-79m3-q3wh-c3qm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-79m3-q3wh-c3qm/GHSA-79m3-q3wh-c3qm.json

Aliases

BIT-publify-2022-0574
CVE-2022-0574

Published

2022-05-17T00:01:25Z

Modified

2024-02-16T08:21:50.294477Z

Details

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Anonymous users can't view but can leave comments on an article in draft mode.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-0574
https://github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739
https://github.com/publify/publify
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2022-0574.yml
https://huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f

Affected packages

RubyGems / publify_core

Package

Name: publify_core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

9.2.8

Affected versions

9.*

9.0.0.pre1

9.0.0.pre2

9.0.0.pre3

9.0.0.pre4

9.0.0.pre5

9.0.0.pre6

9.0.0

9.0.1

9.1.0

9.2.0

9.2.1

9.2.2

9.2.3

9.2.4

9.2.5

9.2.6

9.2.7