GHSA-44m4-9cjp-j587

Suggest an improvement
Source
https://github.com/advisories/GHSA-44m4-9cjp-j587
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-44m4-9cjp-j587/GHSA-44m4-9cjp-j587.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-44m4-9cjp-j587
Published
2022-01-21T23:24:14Z
Modified
2024-12-04T05:41:06.113508Z
Summary
IBX-1392: Image filenames sanitization
Details

ezsystems/ezpublish-kernel versions 7.5.* before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-19T16:14:58Z"
}
References

Affected packages

Packagist / ezsystems/ezpublish-kernel

Package

Name
ezsystems/ezpublish-kernel
Purl
pkg:composer/ezsystems/ezpublish-kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.5.0
Fixed
7.5.26

Affected versions

v7.*

v7.5.0
v7.5.1
v7.5.2
v7.5.3
v7.5.4
v7.5.5
v7.5.6-rc1
v7.5.6
v7.5.6.2
v7.5.7-rc1
v7.5.7
v7.5.7.1
v7.5.8
v7.5.9
v7.5.9.1
v7.5.10
v7.5.11
v7.5.12
v7.5.13
v7.5.14
v7.5.15
v7.5.15.1
v7.5.15.2
v7.5.16
v7.5.17
v7.5.18
v7.5.19
v7.5.20
v7.5.21
v7.5.22
v7.5.23
v7.5.24
v7.5.25