PT-2024-40140 · Ez Systems · Ez Platform

Published: 2024-05-15 · Updated: 2024-05-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1; ezplatform versions prior to 1.13.5.1; ezplatform versions prior to 2.5.4.1
Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access to executable files in the var directory does not work. As a result, these files can be downloaded, although they are not executable unless specifically configured to be. The severity of this issue is limited, but it is still desirable to restrict access to these files. All Platform.sh setups are affected.
Recommendations: For versions prior to 1.7.9.1, update to version 1.7.9.1 or later. For versions prior to 1.13.5.1, update to version 1.13.5.1 or later. For versions prior to 2.5.4.1, update to version 2.5.4.1 or later. As a temporary workaround, consider adding a rule to the .platform.app.yaml configuration file to block access to executable files in the var directory.
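
One way to write the temporary workaround rule described above, as an added example that is not taken from this advisory or from the eZ Platform repository. The `web` document root, the `app.php` passthru and the extension list are assumptions; keep the values the project's existing `.platform.app.yaml` already defines.

```yaml
# .platform.app.yaml (fragment) - added example, not the vendor's patch.
web:
    locations:
        "/":
            # Assumed values: reuse the root and passthru already in the project's file.
            root: "web"
            passthru: "/app.php"
            rules:
                # Refuse requests for executable file types anywhere under /var.
                # The extension list is an assumption; extend it to match local policy.
                '^/var/.*\.(php3?|phar|phtml|sh|exe|pl|bin)$':
                    allow: false
```

After redeploying, request a path under /var that matches the pattern and confirm the file contents are no longer returned.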

Related Identifiers

GHSA-6XCH-2VXX-5PVR

Affected Products

Ez Platform