PT-2024-40432 · Ez Systems · Ez Platform

Published: 2024-05-15 · Updated: 2024-05-15


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

ezsystems/ezplatform versions 1.7.9 through 1.7.9, 1.13.5 through 1.13.5, 2.5.4 through 2.5.4

Description

The issue is related to caching vulnerabilities when the front-controller script is included in URLs. This is particularly problematic when using eZ Platform Cloud, as the recommended rewrite rules cannot be applied. To mitigate this, the advisory introduces a prevention mechanism within the front controller script itself.

Recommendations

For versions 1.7.9, 1.13.5, and 2.5.4, install the security update distributed via Composer as ezsystems/ezplatform 1.7.9.1, 1.13.5.1, and 2.5.4 respectively.

Related Identifiers

GHSA-QHJC-HG94-245V

Affected Products

Ez Platform