ezsystems/ezpublish-kernel
Packagist: 7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ezsystems/ezpublish-kernel
- CVE-2020-10806 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.5.6.2 | 2020-03-22
vulnerable: v7.0.0 ... v7.5.6-rc1 (59 versions)
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP co…
- CVE-2021-46875 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 7.5.15.2 | 2023-03-12
vulnerable: v7.0.0 ... v7.5.9.1 (69 versions)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
- CVE-2021-46876 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 7.5.15.1 | 2023-03-12
vulnerable: v7.5.0 ... v7.5.9.1 (21 versions)
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
- CVE-2022-25337 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.5.26 | 2022-02-18
vulnerable: v7.5.0 ... v7.5.9.1 (33 versions)
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
- CVE-2022-48365 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 7.5.30 | 2023-03-12
vulnerable: v7.5.0 ... v7.5.9.1 (37 versions)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
- CVE-2022-48366 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 7.5.29 | 2023-03-12
vulnerable: v7.5.0 ... v7.5.9.1 (36 versions)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
- CVE-2022-48367 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.5.28 | 2023-03-12
vulnerable: v7.5.0 ... v7.5.9.1 (35 versions)
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.