GHSA-q8cr-xphm-7gfv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q8cr-xphm-7gfv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q8cr-xphm-7gfv/GHSA-q8cr-xphm-7gfv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q8cr-xphm-7gfv
- Aliases
- Published
- 2022-05-13T01:24:28Z
- Modified
- 2024-04-25T21:57:34.317446Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Akeneo PIM vulnerable to shell injection in the mass edition
- Details
-
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.
- Database specific
{ "nvd_published_at": "2017-07-17T13:18:00Z", "cwe_ids": [ "CWE-78" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-25T21:34:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000009
- https://github.com/akeneo/pim-community-dev
- https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2
- https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes
- https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2
Affected packages
Packagist / akeneo/pim-community-dev
Package
- Name
- akeneo/pim-community-dev
- Purl
- pkg:composer/akeneo/pim-community-dev
Affected versions
v1.*
v1.4.0-ALPHA1
v1.4.0-BETA1
v1.4.0-BETA2
v1.4.0-BETA3
v1.4.0-RC1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27
Packagist / akeneo/pim-community-dev
Package
- Name
- akeneo/pim-community-dev
- Purl
- pkg:composer/akeneo/pim-community-dev
Packagist / akeneo/pim-community-dev
Package
- Name
- akeneo/pim-community-dev
- Purl
- pkg:composer/akeneo/pim-community-dev