PT-2024-40225 · Ibexa · Ibexa/Core

Published: 2024-03-20 · Updated: 2024-03-20

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: Ibexa Core (affected versions not specified)
Description: The issue allows unwanted file types to be stored, although they are not easily accessible because the content is not published. This occurs when file validation is configured to reject certain files by file type: the file can still be saved when the content draft is saved. To exploit this, an attacker needs existing access to create content with a file field type.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

GHSA-9J39-4686-M3C4

Affected Products

Ibexa/Core