ezsystems/ezplatform-kernel
Packagist | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ezsystems/ezplatform-kernel
- CVE-2021-46875 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.3.1.1 | 2023-03-12
vulnerable: v1.3.0, v1.3.1
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
- CVE-2022-25336 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.3.12 | 2022-02-18
vulnerable: v1.3.0 ... v1.3.9 (13 versions)
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
- CVE-2022-48365 | HIGH | CVSS 7.2 | EG 7.2 | ✓ Fixed in 1.3.26 | 2023-03-12
vulnerable: v1.3.0 ... v1.3.9 (27 versions)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
- CVE-2022-48366 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 1.3.19 | 2023-03-12
vulnerable: v1.3.0 ... v1.3.9 (20 versions)
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.