Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02djZwLWc4Y2ctMmhnZ803nQ
Improper Certificate Validation in node-sass affects eZ Platform
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries, even when the user has not specified an alternative download path. This affects eZ Platform v2.5 only. The maintainers resolved it by replacing node-sass 4.11 with sass 1.32.13. This issue also affects ezsystems/ezplatform and ezsystems/ezplatform-page-builder.
Permalink: https://github.com/advisories/GHSA-6v6p-g8cg-2hgg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02djZwLWc4Y2ctMmhnZ803nQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-6v6p-g8cg-2hgg
References:
- https://github.com/ezsystems/ezplatform-admin-ui/security/advisories/GHSA-6v6p-g8cg-2hgg
- https://nvd.nist.gov/vuln/detail/CVE-2020-24025
- https://developers.ibexa.co/security-advisories/ibexa-sa-2022-002-vulnerability-in-node-sass
- https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
- https://github.com/ezsystems/ezplatform-admin-ui/releases/tag/v1.5.27
- https://github.com/advisories/GHSA-6v6p-g8cg-2hgg
Blast Radius: 11.1
Affected Packages
packagist:ezsystems/ezplatform-admin-ui
Dependent packages: 76
Dependent repositories: 125
Downloads: 711,509 total
Affected Version Ranges: >= 1.5.0, < 1.5.27
Fixed in: 1.5.27
All affected versions: 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.5.12, 1.5.13, 1.5.14, 1.5.15, 1.5.16, 1.5.17, 1.5.18, 1.5.19, 1.5.20, 1.5.21, 1.5.22, 1.5.23, 1.5.24, 1.5.25, 1.5.26
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.5.27, 1.5.28, 1.5.29, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.15, 2.3.16, 2.3.17, 2.3.18, 2.3.19, 2.3.20, 2.3.21, 2.3.22, 2.3.23, 2.3.24, 2.3.25, 2.3.26, 2.3.27, 2.3.28, 2.3.29, 2.3.30, 2.3.31, 2.3.32, 2.3.33, 2.3.34, 2.3.35