Franek Kalinowski

**Name of the Vulnerable Software and Affected Versions** Public Knowledge Project (PKP) pkp-lib versions prior to 3.1.2-2 Open Journal Systems (OJS) versions prior to 3.1.2-2 **Description** An issue in the report generator allows code injection if an authenticated Journal Manager user visits a crafted URL. This is due to the use of unserialize, which can lead to code injection. **Recommendations** For Public Knowledge Project (PKP) pkp-lib versions prior to 3.1.2-2, update to version 3.1.2-2 or later to resolve the issue. For Open Journal Systems (OJS) versions prior to 3.1.2-2, update to version 3.1.2-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the report generator for authenticated Journal Manager users until a patch is available.