GHSA-m58q-qq5h-mgqq

Suggest an improvement
Source
https://github.com/advisories/GHSA-m58q-qq5h-mgqq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-m58q-qq5h-mgqq/GHSA-m58q-qq5h-mgqq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-m58q-qq5h-mgqq
Published
2022-07-21T22:36:20Z
Modified
2024-11-28T05:46:13.804130Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Details

Impact

This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.

Patches

Upgrade immediately to the latest release of Islandora.

Workarounds

In lieu of an upgrade the following module can be leveraged that will resolve the issue until such a time an upgrade can take place.

For more information

If you have any questions or comments about this advisory: * Open an issue in Islandora * Contact community@islandora.ca.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-21T22:36:20Z"
}
References

Affected packages

Packagist / islandora/islandora

Package

Name
islandora/islandora
Purl
pkg:composer/islandora/islandora

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0
Fixed
2.4.1

Affected versions

2.*

2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.4.0