GHSA-m58q-qq5h-mgqq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m58q-qq5h-mgqq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-m58q-qq5h-mgqq/GHSA-m58q-qq5h-mgqq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m58q-qq5h-mgqq
- Published
- 2022-07-21T22:36:20Z
- Modified
- 2024-11-28T05:44:01.860547Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
- Details
-
Impact
This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.
Patches
Upgrade immediately to the latest release of Islandora.
Workarounds
In lieu of an upgrade the following module can be leveraged that will resolve the issue until such a time an upgrade can take place.
For more information
If you have any questions or comments about this advisory: * Open an issue in Islandora * Contact community@islandora.ca.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2022-07-21T22:36:20Z" }- References
Affected packages
Packagist / islandora/islandora
Package
- Name
- islandora/islandora
- Purl
- pkg:composer/islandora/islandora