ezsystems/ezpublish-kernel Security Advisories for v6.13.2-beta1 (9)
-
[HIGH] eZ Platform Object Injection in SiteAccessMatchListener
PKSA-f997-fdf2-12v5 GHSA-64vj-933f-6pm3
Affected version: >=5.4.0,<5.4.15|>=6.13.0,<6.13.6.4|>=7.5.0,<7.5.8
Reported by:
GitHub -
[HIGH] eZ Publish Remote code execution in file uploads
PKSA-rgzv-sd54-69gs GHSA-3vwr-jj4f-h98x
Affected version: >=5.4.0,<5.4.14.1|>=6.13.0,<6.13.6.2|>=7.5.0,<7.5.6.2
Reported by:
GitHub -
[MEDIUM] eZ Platform REST API returns list of all SiteAccesses
PKSA-jv5q-gq3v-6ywm GHSA-9wwx-c723-vm8x
Affected version: >=5.3.0,<5.3.12.1|>=5.4.0,<5.4.13.1|>=6.0.0,<6.7.9.1|>=6.8.0,<6.13.5.1|>=7.0.0,<7.2.4.1|>=7.3.0,<7.3.2.1
Reported by:
GitHub -
[MEDIUM] User account enumeration in eZ Publish Ibexa Kernel
PKSA-xy38-8tb1-r2db CVE-2021-46876 GHSA-89p3-9j8c-fqh4
Affected version: >=7.5.0,<7.5.15.1|>=6.13.0,<6.13.8.1
Reported by:
GitHub -
[MEDIUM] Cross Site Scripting in eZ Platform Ibexa Kernel
PKSA-fm8v-vkhn-dc5g CVE-2021-46875 GHSA-c737-jhwr-fqxj
Affected version: >=7.5.0,<7.5.15.2|>=6.13.0,<6.13.8.2
Reported by:
GitHub -
[CRITICAL] eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
PKSA-b5bw-6hbd-8dsn CVE-2020-10806 GHSA-54p5-gxq6-j98g
Affected version: >=7.0,<7.5.6.2|>=6.0,<6.13.6.2|<5.4.14.1
Reported by:
GitHub -
[HIGH] EZSA-2020-004 Object Injection in SiteAccessMatchListener
PKSA-b8pq-brvg-3dyp GHSA-gmrf-99gw-vvwj
Affected version: >=7.5.0,<7.5.7.1|>=6.13.0,<6.13.6.3|>=5.4.0,<5.4.14.2
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] EZSA-2020-001 Remote code execution in file uploads
PKSA-25nt-psjd-9fnj GHSA-mrvj-7q4f-5p42
Affected version: >=7.5.0,<7.5.6.2|>=6.13.0,<6.13.6.2|>=5.4.0,<5.4.14.1
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] EZSA-2018-008 REST API returns list of all SiteAccesses
PKSA-wb2t-56n4-3vbm GHSA-44m4-9cjp-j587
Affected version: >=7.3.0,<7.3.2.1|>=7.0.0,<7.2.4.1|>=6.8.0,<6.13.5.1|>=6.0.0,<6.7.9.1|>=5.4.0,<5.4.13.1|>=5.3.0,<5.3.12.1
Reported by:
FriendsOfPHP/security-advisories, GitHub