ibexa/core Security Advisories (5)
-
[MEDIUM] Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
PKSA-57bk-pwm5-t5tq GHSA-9j39-4686-m3c4
Affected version: >=4.6.0,<4.6.2|>=4.5.0,<4.5.6
Reported by:
GitHub -
[LOW] Ibexa DXP Download route allows filename change
PKSA-tkd9-5b5p-5rkj GHSA-g95c-xc83-8353
Affected version: >=4.5.0,<4.5.4
Reported by:
GitHub -
[CRITICAL] Ibexa DXP users with the Company admin role can assign any role to any user
PKSA-z1sg-jk1v-79r5 GHSA-394j-x37r-2q27
Affected version: >=4.2.0,<4.2.3
Reported by:
GitHub -
[CRITICAL] Login timing attack in ibexa/core
PKSA-33kf-45bv-4rz6 GHSA-2x4v-g8cx-jxrq
Affected version: >=4.1.0,<4.1.4|>=4.0.0,<4.0.7
Reported by:
GitHub -
[CRITICAL] Object state limitation has no effect
PKSA-yr3r-6284-yj76 GHSA-gvj8-4cj4-h776
Affected version: >=4.1.0,<4.1.2|>=4.0.0,<4.0.5
Reported by:
GitHub