ezsystems/ezplatform Security Advisories for v2.5.0-rc1 (4)
- [HIGH] eZ Platform CSRF token in login form is disabled by default
  PKSA-9xqn-7v2q-zk36 GHSA-45qm-j4m9-whv9
  Affected version: >=2.5.0,<2.5.4
  Reported by: GitHub
- [MEDIUM] EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
  PKSA-mwr1-dmvn-p871 GHSA-qhjc-hg94-245v
  Affected version: >=2.5.0,<2.5.4|>=1.13.0,<1.13.5.1|>=1.7.0,<1.7.9.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [MEDIUM] EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh
  PKSA-19g4-dw1s-118z GHSA-6xch-2vxx-5pvr
  Affected version: >=2.5.0,<2.5.4|>=1.13.0,<1.13.5.1|>=1.7.0,<1.7.9.1
  Reported by: FriendsOfPHP/security-advisories, GitHub
- [HIGH] EZSA-2019-004 CSRF token in login form is disabled by default
  PKSA-t91s-b3w1-3n4m GHSA-2rh5-jvgx-pgw3
  Affected version: >=2.5.0,<2.5.4
  Reported by: FriendsOfPHP/security-advisories, GitHub