GHSA-fr72-9665-w3gr

Source

https://github.com/advisories/GHSA-fr72-9665-w3gr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-fr72-9665-w3gr/GHSA-fr72-9665-w3gr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fr72-9665-w3gr

Withdrawn

2024-02-26T17:19:38Z

Published

2024-02-22T06:30:33Z

Modified

2024-11-30T05:31:08.504679Z

Summary

Duplicate Advisory: Unrestricted file upload of user avatar images

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xrvh-rvc4-5m43. This link is maintained to preserve external references.

Original Description

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

Database specific

{
    "nvd_published_at": "2024-02-22T05:15:09Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-26T17:19:38Z"
}

References

Affected packages

Packagist / getkirby/cms

Package

Name: getkirby/cms
Purl: pkg:composer/getkirby/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.1

Affected versions

3.*

3.0.0

3.0.1-rc.1

3.0.1

3.0.2-rc.1

3.0.2

3.0.3-rc.1

3.0.3-rc.2

3.0.3-rc.3

3.0.3

3.1.0-rc.1

3.1.0

3.1.1

3.1.2-rc.1

3.1.2

3.1.3-rc.1

3.1.3

3.1.4-rc.1

3.1.4

3.2.0-rc.1

3.2.0-rc.2

3.2.0-rc.3

3.2.0-rc.4

3.2.0

3.2.1-rc.1

3.2.1

3.2.2

3.2.3-rc.1

3.2.3

3.2.4-rc.1

3.2.4

3.2.5-rc.1

3.2.5-rc.2

3.2.5

3.3.0-rc.1

3.3.0-rc.2

3.3.0-rc.3

3.3.0-rc.4

3.3.0-rc.5

3.3.0

3.3.1-rc.1

3.3.1

3.3.2-rc.1

3.3.2

3.3.3-rc.1

3.3.3

3.3.4-rc.1

3.3.4

3.3.5-rc.1

3.3.5

3.3.6

3.4.0-rc.1

3.4.0-rc.2

3.4.0-rc.3

3.4.0

3.4.1-rc.1

3.4.1

3.4.2

3.4.3-rc.1

3.4.3

3.4.4-rc.1

3.4.4

3.4.5

3.5.0-rc.1

3.5.0-rc.2

3.5.0-rc.3

3.5.0-rc.4

3.5.0-rc.5

3.5.0-rc.6

3.5.0-rc.7

3.5.0

3.5.1-rc.1

3.5.1

3.5.2-rc.1

3.5.2

3.5.3

3.5.3.1

3.5.4

3.5.5-rc.1

3.5.5

3.5.6-rc.1

3.5.6

3.5.7-rc.1

3.5.7

3.5.7.1

3.5.8

3.5.8.1

3.5.8.2

3.5.8.3

3.5.8.4

3.6.0-alpha.1

3.6.0-alpha.2

3.6.0-alpha.3

3.6.0-alpha.4

3.6.0-beta.1

3.6.0-beta.2

3.6.0-beta.3

3.6.0-rc.1

3.6.0-rc.2

3.6.0-rc.3

3.6.0-rc.4

3.6.0-rc.5

3.6.0

3.6.1

3.6.1.1

3.6.2-rc.1

3.6.2-rc.2

3.6.2-rc.3

3.6.2

3.6.3-rc.1

3.6.3-rc.2

3.6.3

3.6.3.1

3.6.4-rc.1

3.6.4

3.6.5-rc.1

3.6.5

3.6.6-rc.1

3.6.6

3.6.6.1

3.6.6.2

3.6.6.3

3.6.6.4

3.6.6.5

3.6.6.6

3.7.0-rc.1

3.7.0-rc.2

3.7.0-rc.3

3.7.0

3.7.0.1

3.7.0.2

3.7.1-rc.1

3.7.1

3.7.2-rc.1

3.7.2

3.7.2.1

3.7.3-rc.1

3.7.3

3.7.4-rc.1

3.7.4

3.7.5

3.7.5.1

3.7.5.2

3.7.5.3

3.7.5.4

3.7.5.5

3.8.0-rc.1

3.8.0-rc.2

3.8.0-rc.3

3.8.0

3.8.1-rc.1

3.8.1

3.8.1.1

3.8.2-rc.1

3.8.2

3.8.3-rc.1

3.8.3-rc.2

3.8.3

3.8.4

3.8.4.1

3.8.4.2

3.8.4.3

3.8.4.4

3.9.0-rc.1

3.9.0-rc.2

3.9.0

3.9.1-rc.1

3.9.1

3.9.2-rc.1

3.9.2

3.9.3-rc.1

3.9.3

3.9.4-rc.1

3.9.4

3.9.5-rc.1

3.9.5

3.9.6-rc.1

3.9.6

3.9.6.1

3.9.7-rc.1

3.9.7

3.9.8-rc.1

3.9.8

3.9.8.1

3.9.8.2

3.10.0

3.10.0.1

3.10.1

3.10.1.1

4.*

4.0.0-alpha.1

4.0.0-alpha.2

4.0.0-alpha.3

4.0.0-alpha.4

4.0.0-alpha.5

4.0.0-alpha.6

4.0.0-alpha.7

4.0.0-beta.1

4.0.0-beta.2

4.0.0-beta.3

4.0.0-rc.1

4.0.0-rc.2

4.0.0-rc.3

4.0.0-rc.4

4.0.0

4.0.1

4.0.2

4.0.3

4.1.0-rc.1

4.1.0-rc.2

4.1.0-rc.3

4.1.0

Database specific

{
    "last_known_affected_version_range": "<= 4.1.0"
}