Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-cg84-55jx-4237: eZ Platform Password reset vulnerability

This Security Update fixes a severe vulnerability in the eZ Platform Admin UI, and we recommend that you install it as soon as possible. It affects eZ Platform 2.x. The functionality for resetting a forgotten password is vulnerable to brute force attack. Depending on configuration and other circumstances an attacker may exploit this to gain control over user accounts. The update ensures such an attack is exceedingly unlikely to succeed. You may want to consider a configuration change to further strengthen your security. By default a password reset request is valid for 1 hour. Reducing this time will make attacks even more difficult, but ensure there is enough time left to account for email delivery delays, and user delays. See documentation at https://doc.ezplatform.com/en/latest/guide/user_management/#changing-and-recovering-passwords To install, use Composer to update to one of the "Resolving versions" mentioned above. If you use eZ Platform 2.5, update ezsystems/ezplatform-user...

ghsa
#vulnerability#git
GHSA-4c2w-v5rq-5mx7: eZ Platform Editor Cross-site Scripting (XSS)

This Security Advisory is about two issues of low to medium severity. We recommend that you install the update as soon as possible. There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed in CKEditor v4.14, AlloyEditor v2.11.9. It is distributed via Composer, for: eZ Platform v1.13.x: ezsystems/PlatformUIAssetsBundle v4.2.3 (included from ezsystems/PlatformUIBundle v1.13.x) eZ Platform v2.5.13: ezsystems/ezplatform-admin-ui-assets v4.2.1 eZ Platform v3.0.*: ezsystems/ezplatform-admin-ui-assets v5.0.1 eZ Platform v3.1.2: ezsystems/ezplatform-admin-ui-assets v5.1.1 Drafts that are sent to trash become visible in the Review Queue, even for users that were not able to see them before this action. It's not possible to preview them, but their title ...

GHSA-jrpw-8884-2747: eZ Platform Bundled jQuery affected by CVE-2019-11358

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your ezsystems/ezplatform-admin-ui-assets to v4.2.0 using Composer. This release includes jQuery 3.4.1.

GHSA-9wv8-3h8h-x2wc: doctrine/doctrine-module zero-valued authentication credentials vulnerability

it is possible (under certain circumstances) to obtain a valid `Zend\Authentication` identity even without knowing the user's credentials by using a numerically valued credential in `DoctrineModule\Authentication\Adapter\ObjectRepository`.

GHSA-76w8-mqx4-wjrf: Doctrine DBAL SQL injection possibility

The identifier quoting in Doctrine DBAL has a potential security problem when user-input is passed into this function, making the security aspect of this functionality obsolete. If you make use of AbstractPlatform::quoteIdentifier() or Doctrine::quoteIdentifier() please upgrade immediately. The ORM itself does not use identifier quoting in combination with user-input, however we still urge everyone to update to the latest version of DBAL.

GHSA-qvgg-r6rq-vwfx: datadog/dd-trace Circumvents open_basedir INI directive

datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR [#579](https://github.com/DataDog/dd-trace-php/pull/579). This pull request ensures that the ddtrace.request_init_hook remains bound by the open_basedir INI directive, effectively addressing potential vulnerabilities related to open_basedir restrictions. The update introduces a sandboxing mechanism to isolate the request init hook from errors or exceptions during execution, enhancing the library's stability and preventing adverse impacts on the main script.

GHSA-wq43-8r5p-w3mc: contao/core PHP object injection vulnerability allows for arbitrary code execution

PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to `deserialize()` function.

GHSA-wxxw-5gq6-j2g5: contao/core Insufficient input validation allows for code injection and remote execution

contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change pathconfig.php by entering a URL, meaning that the entire Contao installation will no longer be accessible or malicious code can be executed.

GHSA-27qr-636m-wxg2: codeigniter/framework SQL injection in ODBC database driver

CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.

GHSA-q9j3-4ghj-6h57: Inadequate XSS Prevention in CodeIgniter/Framework Security Library

The xss_clean() method in the Security Library of CodeIgniter/Framework, specifically in versions before 3.0.3, exhibited a vulnerability that allowed certain Cross-Site Scripting (XSS) vectors to bypass its intended protection mechanisms. The xss_clean() method is designed to sanitize input data by removing potentially malicious content, thus preventing XSS attacks. However, in versions prior to 3.0.3, it was discovered that the method did not adequately mitigate specific XSS vectors, leaving a potential security gap.