PT-2024-40035 · Ez Systems · Ezplatform-Kernel+1
Published: 2024-05-15 · Updated: 2024-05-15
Severity: None. No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions
ezsystems/ezplatform-kernel versions prior to v1.0.3
ezsystems/ezpublish-kernel versions prior to v7.5.8
ezsystems/ezpublish-kernel versions prior to v6.13.6.4
ezsystems/ezpublish-kernel versions prior to v5.4.15
Description
The issue is an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE). All sites may be affected.
Recommendations
For ezsystems/ezplatform-kernel versions prior to v1.0.3, update to v1.0.3 or later.
For ezsystems/ezpublish-kernel versions prior to v7.5.8, update to v7.5.8 or later.
For ezsystems/ezpublish-kernel versions prior to v6.13.6.4, update to v6.13.6.4 or later.
For ezsystems/ezpublish-kernel versions prior to v5.4.15, update to v5.4.15 or later.
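To check a project against the version bounds above, the following added example (not code from this advisory or from the eZ project) scans a `composer.lock` for the two packages. It assumes each "prior to" bound applies to its own major release line; the function names and the sample lock data are constructed for illustration.

```python
import json

# Fixed releases as listed on this page, keyed by package and major line.
# Assumption: each "prior to" bound applies to its own major release line.
FIXED = {
    "ezsystems/ezplatform-kernel": {1: (1, 0, 3, 0)},
    "ezsystems/ezpublish-kernel": {7: (7, 5, 8, 0), 6: (6, 13, 6, 4), 5: (5, 4, 15, 0)},
}

def parse_version(text):
    """Turn 'v6.13.6.4' into (6, 13, 6, 4); None for dev branches and pre-releases."""
    parts = text.lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad so 1.0.3 equals 1.0.3.0

def status(name, version_text):
    """Return 'affected', 'ok', or 'review' for one locked package."""
    lines = FIXED.get(name.lower())
    if lines is None:
        return "ok"  # not a package named in this advisory
    version = parse_version(version_text)
    if version is None:
        return "review"  # dev branch or pre-release: check by hand
    fixed = lines.get(version[0])
    if fixed is None:
        # Major line with no listed fix: affected if below every listed bound.
        return "affected" if version < min(lines.values()) else "review"
    return "affected" if version < fixed else "ok"

def scan_lock(lock_text):
    """Return {package: (version, status)} for advisory packages in a composer.lock."""
    lock = json.loads(lock_text)
    found = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name = pkg.get("name", "").lower()
        if name in FIXED:
            found[name] = (pkg["version"], status(name, pkg["version"]))
    return found

# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "ezsystems/ezpublish-kernel", "version": "v6.13.6.3"},
    {"name": "symfony/symfony", "version": "v3.4.49"}], "packages-dev": []})

if __name__ == "__main__":
    for name, (ver, state) in scan_lock(SAMPLE_LOCK).items():
        print(f"{name} {ver}: {state}")
```

A `review` result means the locked version is a dev branch, a pre-release, or on a major line the advisory does not list, so it needs a manual check.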
Code Injection
Affected Products
Ezplatform-Kernel
Ezpublish-Kernel