PT-2023-33021 · Ibexa+1 · Ibexa/Core+4

Published: 2023-11-03 · Updated: 2023-11-03 · Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Ibexa DXP and eZ Platform (affected versions not specified)
ezsystems/ezplatform-kernel (affected versions not specified)
ezsystems/ezpublish-kernel (affected versions not specified)
ibexa/core (affected versions not specified)

Description

The issue is related to the route used for file downloads, which allows specifying the name of the downloaded file. This could lead to misunderstandings, confusion, and possibly other harm. The issue affects installations where downloadable files exist.

Recommendations

For Ibexa DXP and eZ Platform, update to a version that includes the fix for the issue.
For ezsystems/ezplatform-kernel, update to a patched version.
For ezsystems/ezpublish-kernel and ibexa/core, refer to the advisory published for those repositories.
As a temporary workaround, consider blocking all downloads until a patch is available.

Related Identifiers

GHSA-GV2C-5G79-H73C

Affected Products

Ibexa DXP
eZ Platform
ezplatform-kernel
ezpublish-kernel
ibexa/core