ezsystems/ezpublish-kernel vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-64VJ-933F-6PM3Highezsystems/ezpublish-kernel: eZ Platform Object Injection in SiteAccessMatchListenerGHSA-3VWR-JJ4F-H98XHighezsystems/ezpublish-kernel: eZ Publish Remote code execution in file uploadsGHSA-9WWX-C723-VM8XMediumezsystems/ezpublish-kernel: eZ Platform REST API returns list of all SiteAccessesGHSA-946C-F9W6-2C25Lowezsystems/ezpublish-kernel: Download route allows filename change in eZpublish kernelCVE-2022-48365Highezsystems/ezpublish-kernel: Company admin role gives excessive privileges in eZ Platform IbexaCVE-2022-48367Criticalezsystems/ezpublish-kernel: Access control issue in ezsystems/ezpublish-kernelCVE-2022-48366Lowezsystems/ezplatform-kernel: Timing attack in eZ Platform IbexaGHSA-99R3-XMMQ-7Q7GCriticalezsystems/ezpublish-kernel: eZ Platform users with the Company admin role can assign any role to any userGHSA-XFQG-P48G-HH94Criticalezsystems/ezpublish-kernel: Login timing attack in ezsystems/ezpublish-kernelCVE-2020-10806Criticalezsystems/ezpublish-kernel: eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous TypeGHSA-5X4F-7XGQ-R42XCriticalezsystems/ezpublish-kernel: Object state limitation has no effectCVE-2022-25337Criticalezsystems/ezpublish-kernel: Code injection in ezsystems/ezpublish-kernelGHSA-44M4-9CJP-J587Highezsystems/ezpublish-kernel: IBX-1392: Image filenames sanitizationCVE-2021-46875Highezsystems/ezpublish-kernel: Cross-site scripting in eZ Platform KernelCVE-2021-46876Mediumezsystems/ezpublish-kernel: /user/sessions endpoint allows detecting valid accounts

Stop the waste.
Protect your environment with Kodem.