GHSA-qh6w-pq52-qxxq

Suggest an improvement
Source
https://github.com/advisories/GHSA-qh6w-pq52-qxxq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-qh6w-pq52-qxxq/GHSA-qh6w-pq52-qxxq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qh6w-pq52-qxxq
Aliases
Published
2023-02-19T03:30:18Z
Modified
2023-11-01T05:00:43.715803Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Pixelfed may allow unauthorized actor to view private posts
Details

Improper Authorization in GitHub repository pixelfed/pixelfed 0.11.4 and prior.

Database specific 
{
    "github_reviewed_at": "2023-02-22T00:04:37Z",
    "nvd_published_at": "2023-02-19T01:15:00Z",
    "cwe_ids": [
        "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}
References

Affected packages

Packagist / pixelfed/pixelfed

Package

Name
pixelfed/pixelfed
Purl
pkg:composer/pixelfed/pixelfed

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.11.4

Affected versions

v0.*

v0.1.9
v0.5.9
v0.6.0
v0.6.1
v0.7.6
v0.8.0
v0.8.5
v0.8.6
v0.9.0
v0.9.4
v0.9.5
v0.9.6
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.10.10
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4