ezsystems/ezplatform-kernel Security Advisories (11)
- [HIGH] eZ Platform Object Injection in SiteAccessMatchListener
  PKSA-5bhj-2b2d-4pqz GHSA-2w9p-xxqr-h253
  Affected version: >=1.0.0,<1.0.3
  Reported by: GitHub
- [MEDIUM] Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
  PKSA-3msp-xw4j-3xr3 GHSA-mwvh-p3hx-x4gg
  Affected version: >=1.3.0,<1.3.35
  Reported by: GitHub
- [LOW] Ibexa ezplatform-kernel download route allows filename change
  PKSA-z37x-rjqb-mt9j GHSA-gv2c-5g79-h73c
  Affected version: >=1.3.0,<1.3.34
  Reported by: GitHub
- [MEDIUM] Cross Site Scripting in eZ Platform Ibexa Kernel
  PKSA-7tm8-4ykx-ssbs CVE-2021-46875 GHSA-c737-jhwr-fqxj
  Affected version: >=1.3.0,<1.3.1.1|>=1.2.0,<1.2.5.1
  Reported by: GitHub
- [HIGH] Company admin role gives excessive privileges in eZ Platform Ibexa
  PKSA-c6tp-6n5r-v194 CVE-2022-48365 GHSA-qq2j-9pf8-g58c
  Affected version: >=1.3.0,<1.3.26
  Reported by: GitHub
- [LOW] Timing attack in eZ Platform Ibexa
  PKSA-8588-c24p-mwqr CVE-2022-48366 GHSA-66m4-gc8h-hpjx
  Affected version: >=1.3.0,<1.3.19
  Reported by: GitHub
- [CRITICAL] eZ Platform users with the Company admin role can assign any role to any user
  PKSA-5mhb-r9jf-ccp3 GHSA-8h83-chh2-fchp
  Affected version: >=1.3.0,<1.3.26
  Reported by: GitHub
- [CRITICAL] Login timing attack in ezsystems/ezplatform-kernel
  PKSA-ssmb-br6s-zrg7 GHSA-342c-vcff-2ff2
  Affected version: >=1.3.0,<1.3.19
  Reported by: GitHub
- [CRITICAL] Object state limitation has no effect
  PKSA-3cph-m8cm-pv53 GHSA-w8qp-hmh5-4v9v
  Affected version: >=1.3.0,<1.3.17
  Reported by: GitHub
- [MEDIUM] Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
  PKSA-1gmn-9nj3-8bp6 CVE-2022-25336 GHSA-x8xx-x82q-42q3
  Affected version: >=1.3.0,<1.3.12
  Reported by: GitHub
- [HIGH] EZSA-2020-004 Object Injection in SiteAccessMatchListener
  PKSA-pckc-3gmb-mtvd GHSA-mrvj-7q4f-5p42
  Affected version: >=1.0.0,<1.0.2.1
  Reported by: FriendsOfPHP/security-advisories, GitHub