Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00NG00LTljanAtajU4N80kcg

IBX-1392: Image filenames sanitization

ezsystems/ezpublish-kernel versions 7.5.* before 7.5.26 are vulnerable to certain injection attacks and unauthorized access to some image files.

Permalink: https://github.com/advisories/GHSA-44m4-9cjp-j587
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NG00LTljanAtajU4N80kcg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago


Identifiers: GHSA-44m4-9cjp-j587
References: Repository: https://github.com/ezsystems/ezpublish-kernel
Blast Radius: 0.0

Affected Packages

packagist:ezsystems/ezpublish-kernel
Dependent packages: 230
Dependent repositories: 352
Downloads: 569,040 total
Affected Version Ranges: >= 7.5.0, < 7.5.26
Fixed in: 7.5.26
All affected versions: 7.5.0, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.5.7, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 7.5.12, 7.5.13, 7.5.14, 7.5.15, 7.5.16, 7.5.17, 7.5.18, 7.5.19, 7.5.20, 7.5.21, 7.5.22, 7.5.23, 7.5.24, 7.5.25
All unaffected versions: 5.0.0, 5.2.0, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.4.0, 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.5.2, 6.6.0, 6.6.1, 6.6.2, 6.7.0, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6, 6.7.7, 6.7.8, 6.7.9, 6.7.10, 6.8.0, 6.8.1, 6.9.0, 6.9.1, 6.10.0, 6.10.1, 6.11.0, 6.11.1, 6.11.2, 6.11.3, 6.11.4, 6.12.0, 6.12.1, 6.13.0, 6.13.1, 6.13.2, 6.13.3, 6.13.4, 6.13.5, 6.13.6, 6.13.8, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.4.0, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 7.5.26, 7.5.27, 7.5.28, 7.5.29, 7.5.30, 7.5.31, 2013.4.0, 2013.5.0, 2013.6.0, 2013.7.0, 2013.7.1, 2013.7.2, 2013.7.3, 2013.9.0, 2013.9.1, 2013.9.2, 2013.11.0, 2013.11.1, 2014.1.0, 2014.1.1, 2014.1.2, 2014.1.3, 2014.1.4, 2014.1.5, 2014.3.1, 2014.3.2, 2014.3.3, 2014.3.4, 2014.5.0, 2014.5.1, 2014.5.2, 2014.7.0, 2014.7.1, 2014.7.2, 2014.7.3, 2014.11.0, 2014.11.1, 2014.11.2, 2014.11.3, 2014.11.4, 2014.11.5, 2014.11.6, 2014.11.7, 2014.11.8