GHSA-q8cr-xphm-7gfv

Source
https://github.com/advisories/GHSA-q8cr-xphm-7gfv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q8cr-xphm-7gfv/GHSA-q8cr-xphm-7gfv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-q8cr-xphm-7gfv
Aliases
Published
2022-05-13T01:24:28Z
Modified
2024-04-25T21:58:40.814645Z
Severity
9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Akeneo PIM vulnerable to shell injection in the mass edition
Details

Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.

Database specific
{
    "nvd_published_at": "2017-07-17T13:18:00Z",
    "cwe_ids": [
        "CWE-78"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T21:34:47Z"
}
References

Affected packages

Packagist / akeneo/pim-community-dev

Package

Name
akeneo/pim-community-dev
Purl
pkg:composer/akeneo/pim-community-dev

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.4
Fixed
1.4.28

Affected versions

v1.*

v1.4.0-ALPHA1
v1.4.0-BETA1
v1.4.0-BETA2
v1.4.0-BETA3
v1.4.0-RC1
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.20
v1.4.21
v1.4.22
v1.4.23
v1.4.24
v1.4.25
v1.4.26
v1.4.27

Packagist / akeneo/pim-community-dev

Package

Name
akeneo/pim-community-dev
Purl
pkg:composer/akeneo/pim-community-dev

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.5
Fixed
1.5.15

Affected versions

v1.*

v1.5.0-ALPHA1
v1.5.0-BETA1
v1.5.0-RC1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14

Packagist / akeneo/pim-community-dev

Package

Name
akeneo/pim-community-dev
Purl
pkg:composer/akeneo/pim-community-dev

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6
Fixed
1.6.6

Affected versions

v1.*

v1.6.0-ALPHA1
v1.6.0-ALPHA2
v1.6.0-RC1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5