
IBX-1392: Image filenames sanitization

High severity GitHub Reviewed Published Jan 18, 2022 in ezsystems/ezpublish-kernel • Updated Jan 11, 2023

Package

ezsystems/ezpublish-kernel (Composer)

Affected versions

>= 7.5.0, < 7.5.26

Patched versions

7.5.26

Description

ezsystems/ezpublish-kernel versions 7.5.* before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files.

References

@glye published to ezsystems/ezpublish-kernel Jan 18, 2022
Reviewed Jan 19, 2022
Published to the GitHub Advisory Database Jan 21, 2022
Last updated Jan 11, 2023

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-44m4-9cjp-j587