PT-2024-40114 · Ez Systems · Ezplatform-Kernel+1

Published: 2024-05-15 · Updated: 2024-05-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
ezsystems/ezplatform-kernel versions prior to v1.0.3
ezsystems/ezpublish-kernel versions prior to v7.5.8
ezsystems/ezpublish-kernel versions prior to v6.13.6.4
ezsystems/ezpublish-kernel versions prior to v5.4.15
Description: The issue is an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE). All sites may be affected.
Recommendations:
For ezsystems/ezplatform-kernel versions prior to v1.0.3, update to v1.0.3 or later.
For ezsystems/ezpublish-kernel versions prior to v7.5.8, update to v7.5.8 or later.
For ezsystems/ezpublish-kernel versions prior to v6.13.6.4, update to v6.13.6.4 or later.
For ezsystems/ezpublish-kernel versions prior to v5.4.15, update to v5.4.15 or later.
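
One way to check a project against the fixed versions listed above is to audit its composer.lock. This is an added example, not code from the advisory or from the eZ Platform project. The function names, the sample lock content and the grouping of fixed versions by major release line (5.x, 6.x, 7.x) are assumptions of the example.

```python
import json
import re

# Fixed releases as listed in the advisory above. Grouping them by major
# version line is an assumption of this example, not stated on the page.
FIXED = {
    "ezsystems/ezplatform-kernel": {1: (1, 0, 3)},
    "ezsystems/ezpublish-kernel": {7: (7, 5, 8), 6: (6, 13, 6, 4), 5: (5, 4, 15)},
}

def parse_version(text):
    """Turn 'v6.13.6.4' into (6, 13, 6, 4); None for dev or pre-release tags."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))

def pad(version, length=4):
    """Right-pad with zeros so 7.5.8 and 6.13.6.4 compare position by position."""
    return version + (0,) * (length - len(version))

def audit_lock(lock_text):
    """Return (package, installed, verdict) for each affected package found."""
    lock = json.loads(lock_text)
    findings = []
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        name = entry.get("name", "").lower()
        if name not in FIXED:
            continue
        installed = entry.get("version", "")
        version = parse_version(installed)
        fixed = FIXED[name].get(version[0]) if version else None
        if fixed is None:
            verdict = "unknown"  # dev branch or unlisted release line: check by hand
        elif pad(version) < pad(fixed):
            verdict = "vulnerable"
        else:
            verdict = "patched"
        findings.append((name, installed, verdict))
    return findings

# Constructed sample lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "ezsystems/ezpublish-kernel", "version": "v7.5.7"},
    {"name": "ezsystems/ezplatform-kernel", "version": "v1.0.3"},
    {"name": "symfony/symfony", "version": "v3.4.40"},
]})

if __name__ == "__main__":
    for name, installed, verdict in audit_lock(SAMPLE_LOCK):
        print(f"{name} {installed}: {verdict}")
```

A verdict of "unknown" means the installed version could not be mapped to one of the listed release lines and needs a manual check.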

Code Injection


Weakness Enumeration

Related Identifiers

GHSA-64VJ-933F-6PM3

Affected Products

Ezplatform-Kernel
Ezpublish-Kernel