Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Impact
This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.
Patches
Upgrade immediately to the latest release of Islandora.
Workarounds
In lieu of an upgrade, the following module can be used to resolve the issue until an upgrade can take place.
For more information
If you have any questions or comments about this advisory:
- Open an issue in Islandora
- Contact [email protected].
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-m58q-qq5h-mgqq
References:
- https://github.com/Islandora/islandora/security/advisories/GHSA-m58q-qq5h-mgqq
- https://github.com/Islandora/islandora/commit/573d6878edf057987f1e41e5068de0074573e4c7
- https://github.com/Islandora/islandora/releases/tag/2.4.1
- https://github.com/advisories/GHSA-m58q-qq5h-mgqq
Blast Radius: 13.4
Affected Packages
packagist:islandora/islandora
Dependent packages: 13
Dependent repositories: 22
Downloads: 42,517 total
Affected Version Ranges: >= 2.0, < 2.4.1
Fixed in: 2.4.1
All affected versions: 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.3.0, 2.4.0
All unaffected versions: 1.0.0, 1.1.0, 1.1.1, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.9.0, 2.9.1, 2.10.0, 2.11.0, 2.12.0