GHSA-39j2-4p9j-5w4j

Source
https://github.com/advisories/GHSA-39j2-4p9j-5w4j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-39j2-4p9j-5w4j/GHSA-39j2-4p9j-5w4j.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-39j2-4p9j-5w4j
Published
2024-05-15T21:32:29Z
Modified
2024-11-29T05:30:54.928532Z
Summary
Ez Platform Object Injection in legacy shop module
Details

This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, which is why it was classified as Medium severity.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:32:29Z"
}

Affected packages

Packagist / ezsystems/ezpublish-legacy

Package

Name
ezsystems/ezpublish-legacy
Purl
pkg:composer/ezsystems/ezpublish-legacy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2019.3.0
Fixed
2019.3.5.1

Affected versions

v2019.*

v2019.03.0
v2019.03.1
v2019.03.2
v2019.03.3
v2019.03.4
v2019.03.4.2
v2019.03.5

Packagist / ezsystems/ezpublish-legacy

Package

Name
ezsystems/ezpublish-legacy
Purl
pkg:composer/ezsystems/ezpublish-legacy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2017.12.0
Fixed
2017.12.7.3

Affected versions

v2017.*

v2017.12.0
v2017.12.1
v2017.12.1.1
v2017.12.2
v2017.12.2.1
v2017.12.2.2
v2017.12.3
v2017.12.3.1
v2017.12.3.2
v2017.12.4
v2017.12.4.1
v2017.12.4.2
v2017.12.4.3
v2017.12.5
v2017.12.6
v2017.12.7
v2017.12.7.2

Packagist / ezsystems/ezpublish-legacy

Package

Name
ezsystems/ezpublish-legacy
Purl
pkg:composer/ezsystems/ezpublish-legacy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0
Fixed
5.4.14.2