GHSA-vjwg-28gv-pm8h

Source

https://github.com/advisories/GHSA-vjwg-28gv-pm8h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-vjwg-28gv-pm8h/GHSA-vjwg-28gv-pm8h.json

Published

2024-04-24T17:02:33Z

Modified

2024-04-24T17:17:45.358469Z

Details

Impact

The TineMCE Bundle uses tinymce version 6.7.3. CVEs for this version exists for <6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881

Patches

The package should be updated to at least 6.8.1 to avoid XSS vulnerability.

Workarounds

Upgrade pimcore to release 11.2.3.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881

References

Affected packages

Packagist / pimcore/pimcore

Package

Name: pimcore/pimcore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.0-ALPHA1

Fixed

11.2.3

Affected versions

v11.*

v11.0.0-ALPHA1

v11.0.0-BETA1

v11.0.0-ALPHA2

v11.0.0-ALPHA3

v11.0.0-ALPHA4

v11.0.0-ALPHA5

v11.0.0-ALPHA6

v11.0.0-ALPHA7

v11.0.0-ALPHA8

v11.0.0-RC1

v11.0.0-RC2

v11.0.0

v11.0.1

v11.0.2

v11.0.3

v11.0.4

v11.0.5

v11.0.6

v11.0.7

v11.0.8

v11.0.9

v11.0.10

v11.0.11

v11.0.12

v11.1.0-RC1

v11.1.0

v11.1.1

v11.1.2

v11.1.3

v11.1.4

v11.1.5

v11.1.6

v11.2.0

v11.2.1

v11.2.2