publify_core
RubyGems · 14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting publify_core (page 1 of 1)
- CVE-2014-3211 · HIGH · CVSS 7.5 · EG 7.5 · Fixed in 8.0.1 · 2020-01-09
  Publify before 8.0.1 is vulnerable to a Denial of Service attack.
- CVE-2021-25973 · MEDIUM · CVSS 6.5 · EG 6.5 · Fixed in 9.2.5 · 2021-11-02
  vulnerable: 9.0.0 ... 9.2.4 (14 versions)
  In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. "guest" role users can self-register even when the admin has disabled registration, because the restriction is enforced only in the front end and not server-side.
- CVE-2021-25974 · MEDIUM · CVSS 5.4 · EG 5.4 · Fixed in 9.2.5 · 2021-11-10
  vulnerable: 9.0.0 ... 9.2.4 (14 versions)
  In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with the "publisher" role is able to inject and execute arbitrary JavaScript while creating a page or article.
- CVE-2021-25975 · MEDIUM · CVSS 5.4 · EG 5.4 · Fixed in 9.2.5 · 2021-11-10
  vulnerable: 9.0.0 ... 9.2.4 (14 versions)
  In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. A user with the "publisher" role can inject malicious JavaScript via an uploaded HTML file, which is then served from the application's origin.
- CVE-2022-0524 · HIGH · CVSS 7.5 · EG 7.5 · Fixed in 9.2.7 · 2022-02-08
  vulnerable: 9.0.0 ... 9.2.6 (16 versions)
  Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
- CVE-2022-0574 · MEDIUM · CVSS 6.5 · EG 6.5 · Fixed in 9.2.8 · 2022-05-16
  vulnerable: 9.0.0 ... 9.2.7 (17 versions)
  Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
- CVE-2022-0578 · MEDIUM · CVSS 6.5 · EG 6.5 · Fixed in 9.2.8 · 2022-05-16
  vulnerable: 9.0.0 ... 9.2.7 (17 versions)
  Code Injection in GitHub repository publify/publify prior to 9.2.8.
- CVE-2022-1553 · MEDIUM · CVSS 4.9 · EG 4.9 · Fixed in 9.2.8 · 2022-05-16
  vulnerable: 9.0.0 ... 9.2.7 (17 versions)
  Leaking password-protected article content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the…
- CVE-2022-1810 · MEDIUM · CVSS 4.3 · EG 4.3 · Fixed in 9.2.9 · 2022-05-23
  vulnerable: 9.0.0 ... 9.2.8 (18 versions)
  Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.
- CVE-2022-1811 · MEDIUM · CVSS 5.4 · EG 5.4 · Fixed in 9.2.9 · 2022-05-23
  vulnerable: 9.0.0 ... 9.2.8 (18 versions)
  Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
- CVE-2022-1812 · CRITICAL · CVSS 9.8 · EG 9.8 · Fixed in 9.2.10 · 2023-01-14
  vulnerable: 9.0.0 ... 9.2.9 (19 versions)
  Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
- CVE-2022-2815 · MEDIUM · CVSS 6.5 · EG 6.5 · Fixed in 9.2.10 · 2023-01-14
  vulnerable: 9.0.0 ... 9.2.9 (19 versions)
  Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.
- CVE-2023-0299 · CRITICAL · CVSS 9.8 · EG 9.8 · Fixed in 9.2.10 · 2023-01-14
  vulnerable: 9.0.0 ... 9.2.9 (19 versions)
  Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.
- CVE-2023-0569 · MEDIUM · CVSS 6.5 · EG 6.5 · Fixed in 9.2.10 · 2023-01-29
  vulnerable: 9.0.0 ... 9.2.9 (19 versions)
  Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.
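The practical question behind this listing is whether a deployed publify_core is inside any of the ranges above. The following is an added example, not code from this page or from the Publify project: it reads the resolved publify_core version out of a Gemfile.lock and compares it against the fixed versions transcribed from the list, using only Gem::Version from Ruby's standard library. The lockfile text is constructed for the example; the advisory table is copied from the entries above (CVE-2014-3211 has no lower bound on this page, so it is modelled as "any version below 8.0.1"). Pre-release versions such as 9.0.0.pre1, which the CVE-2021-25973 text names as affected, sort below 9.0.0 in Gem::Version, so the lower bound is checked against the release part of the version.

```ruby
# Added example: audit a Gemfile.lock for publify_core against the CVE list above.
# Not part of the listing page or of Publify itself.
require "rubygems" # Gem::Version ships with Ruby

# [CVE, introduced (nil = no lower bound on the page), fixed version],
# transcribed from the listing entries.
PUBLIFY_CORE_ADVISORIES = [
  ["CVE-2014-3211",  nil,     "8.0.1"],
  ["CVE-2021-25973", "9.0.0", "9.2.5"],
  ["CVE-2021-25974", "9.0.0", "9.2.5"],
  ["CVE-2021-25975", "9.0.0", "9.2.5"],
  ["CVE-2022-0524",  "9.0.0", "9.2.7"],
  ["CVE-2022-0574",  "9.0.0", "9.2.8"],
  ["CVE-2022-0578",  "9.0.0", "9.2.8"],
  ["CVE-2022-1553",  "9.0.0", "9.2.8"],
  ["CVE-2022-1810",  "9.0.0", "9.2.9"],
  ["CVE-2022-1811",  "9.0.0", "9.2.9"],
  ["CVE-2022-1812",  "9.0.0", "9.2.10"],
  ["CVE-2022-2815",  "9.0.0", "9.2.10"],
  ["CVE-2023-0299",  "9.0.0", "9.2.10"],
  ["CVE-2023-0569",  "9.0.0", "9.2.10"],
].freeze

# Constructed sample lockfile (not taken from a real deployment).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      publify_core (9.2.6)
        rails (~> 6.1)
      rails (6.1.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    publify_core
LOCK

# Pull the resolved version of +gem_name+ from the "specs:" section of a
# Gemfile.lock. Resolved gems sit at four spaces of indentation with the
# version in parentheses; the DEPENDENCIES section (two spaces, no parens)
# is deliberately not matched. Returns nil when the gem is not locked.
def locked_version(lockfile_text, gem_name = "publify_core")
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Advisories whose [introduced, fixed) range contains +version+.
# The lower bound is compared against version.release so that a pre-release
# such as 9.0.0.pre1 is still treated as inside a range starting at 9.0.0;
# the upper bound is strict, because "fixed in X" means X itself is clean.
def applicable_advisories(version, advisories = PUBLIFY_CORE_ADVISORIES)
  advisories.select do |_cve, introduced, fixed|
    above_floor = introduced.nil? || version.release >= Gem::Version.new(introduced)
    above_floor && version < Gem::Version.new(fixed)
  end
end

# The smallest version that clears every advisory in the table.
def minimum_safe_version(advisories = PUBLIFY_CORE_ADVISORIES)
  advisories.map { |_cve, _intro, fixed| Gem::Version.new(fixed) }.max
end

# Convenience wrapper: version found plus the CVE ids that still apply.
def audit_lockfile(lockfile_text)
  version = locked_version(lockfile_text)
  return nil unless version
  { version: version, cves: applicable_advisories(version).map(&:first) }
end

if __FILE__ == $PROGRAM_NAME
  report = audit_lockfile(SAMPLE_LOCKFILE)
  if report.nil?
    puts "publify_core is not locked in this Gemfile.lock"
  elsif report[:cves].empty?
    puts "publify_core #{report[:version]}: no listed CVEs apply"
  else
    puts "publify_core #{report[:version]} is affected by: #{report[:cves].join(', ')}"
    puts "upgrade to at least #{minimum_safe_version}"
  end
end
```

Run it against a real lockfile with `audit_lockfile(File.read("Gemfile.lock"))`. The strict upper bound and release-based lower bound are the two details that matter when turning a listing like this into a gate in CI; a check that compares version strings lexically would rank 9.2.10 below 9.2.9 and miss the four advisories fixed in 9.2.10.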