Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezpublish-legacy@2014.05.1

Type composer

Namespace ezsystems

Name ezpublish-legacy

Version 2014.05.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2017.12.7.4

Latest_non_vulnerable_version 2019.03.6

Affected_by_vulnerabilities

url VCID-1n4y-a3m5-13ce

vulnerability_id VCID-1n4y-a3m5-13ce

summary EZSA-2018-009 Do not interpret PHP/PHAR uploads

references

reference_url	http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads
reference_id
reference_type
scores
url	http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads

fixed_packages

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95mj-pnx2-gfh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gvfu-agv3-g7cy

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

aliases GMS-2018-67

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1n4y-a3m5-13ce

url VCID-2xqw-e2f3-pudf

vulnerability_id VCID-2xqw-e2f3-pudf

summary Information disclosure in backend content tree menu.

references

reference_url	http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu
reference_id
reference_type
scores
url	http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.10.0

purl pkg:composer/ezsystems/ezpublish-legacy@2017.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-31vj-v1ax-w3ax

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-8pw8-3t56-2yag

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-9uec-kjsb-8ygq

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-hzh3-v9j1-x7fb

vulnerability	VCID-k8yx-97wb-r7af

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.10.0

aliases GMS-2017-337

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xqw-e2f3-pudf

url VCID-31vj-v1ax-w3ax

vulnerability_id VCID-31vj-v1ax-w3ax

summary

Improper Access Control
Passwordless login for LDAP users

references

reference_url	http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users
reference_id
reference_type
scores
url	http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users

fixed_packages

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1

url	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95mj-pnx2-gfh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

aliases GMS-2018-65

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31vj-v1ax-w3ax

url VCID-7116-t5cw-tqab

vulnerability_id VCID-7116-t5cw-tqab

summary eZ Publish Information disclosure in backend content tree menu

references

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/a4a0470f8d80f012fe14e4f8ab11c7d14375986c

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2017-09-11-1.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2017-09-11-1.yaml

reference_url

http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu

reference_url

https://github.com/advisories/GHSA-cc2j-92jq-wgjg

reference_id

GHSA-cc2j-92jq-wgjg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cc2j-92jq-wgjg

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.08.1.1

purl pkg:composer/ezsystems/ezpublish-legacy@2017.08.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-31vj-v1ax-w3ax

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-8pw8-3t56-2yag

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-9uec-kjsb-8ygq

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-hzh3-v9j1-x7fb

vulnerability	VCID-k8yx-97wb-r7af

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.1.1

url	pkg:composer/ezsystems/ezpublish-legacy@2017.8.1%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.8.1%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.1%252B1

aliases GHSA-cc2j-92jq-wgjg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7116-t5cw-tqab

url VCID-8adf-j2sz-qke2

vulnerability_id VCID-8adf-j2sz-qke2

summary EZSA-2018-006 XSS vulnerability in 'disabled module' error template

references

reference_url	http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template
reference_id
reference_type
scores
url	http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template

fixed_packages

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95mj-pnx2-gfh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

url	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4

url pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gvfu-agv3-g7cy

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0

aliases GMS-2018-66

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8adf-j2sz-qke2

url VCID-8pw8-3t56-2yag

vulnerability_id VCID-8pw8-3t56-2yag

summary

Cross-site Scripting
Several vulnerabilities in Forgot password, Information collector, XML text, and Matrix field type features

references

reference_url	http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features
reference_id
reference_type
scores
url	http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features

fixed_packages

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1

aliases GMS-2018-64

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pw8-3t56-2yag

url VCID-95mj-pnx2-gfh6

vulnerability_id VCID-95mj-pnx2-gfh6

summary

Content object state fetch functions open to SQL injection
### Impact
This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.

### Patches
The fix is distributed via Composer, see "Patched versions".

references

reference_url

https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42

reference_url

https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w

reference_url

https://github.com/advisories/GHSA-jpwx-ffjq-wr4w

reference_id

GHSA-jpwx-ffjq-wr4w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jpwx-ffjq-wr4w

fixed_packages

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7.4

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B4
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%252B4

url	pkg:composer/ezsystems/ezpublish-legacy@2019.03.6
purl	pkg:composer/ezsystems/ezpublish-legacy@2019.03.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.03.6

url	pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%252B1

aliases GHSA-jpwx-ffjq-wr4w, GMS-2021-112

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95mj-pnx2-gfh6

url VCID-9uec-kjsb-8ygq

vulnerability_id VCID-9uec-kjsb-8ygq

summary eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

references

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/6db0e6b7739481f27d954548388bd3f0ed2c6fdd

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/6db0e6b7739481f27d954548388bd3f0ed2c6fdd

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/917711eb7ffe2b52a3e9fe12505f6810a63696f7

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/917711eb7ffe2b52a3e9fe12505f6810a63696f7

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/efcd2b61b15eaaf74e0ff28d6c723cf28e655dab

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/efcd2b61b15eaaf74e0ff28d6c723cf28e655dab

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/f9ffaf590b63b4f552142cfd4441afbbfb3f19b1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/f9ffaf590b63b4f552142cfd4441afbbfb3f19b1

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-02-26-1.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-02-26-1.yaml

reference_url

https://web.archive.org/web/20210614192631/http://share.ez.no/community-project/security-advisories/ezsa-2018-001-several-vulnerabilities-in-forgot-password-information-collector-xml-text-and-matrix-field-type-features

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

https://github.com/advisories/GHSA-82rv-45pc-v28w

reference_id

GHSA-82rv-45pc-v28w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-82rv-45pc-v28w

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.12.2.1

purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-31vj-v1ax-w3ax

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-hzh3-v9j1-x7fb

vulnerability	VCID-k8yx-97wb-r7af

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2.1

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.2%252B1

aliases GHSA-82rv-45pc-v28w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9uec-kjsb-8ygq

url VCID-cqdb-wk9t-9ubg

vulnerability_id VCID-cqdb-wk9t-9ubg

summary Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads

references

reference_url

https://github.com/ezsystems/ezplatform/commit/9a0c52dc4535e4b3ce379f80222dc53f705a2cfd

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezplatform/commit/9a0c52dc4535e4b3ce379f80222dc53f705a2cfd

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/d21957bf202b091ab39dfb5be300f6c30be3933e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/d21957bf202b091ab39dfb5be300f6c30be3933e

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-21-1.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-21-1.yaml

reference_url

http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads

reference_url

https://web.archive.org/web/20210614192208/https://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210614192208/https://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads

reference_url

https://github.com/advisories/GHSA-pqjm-xcp8-wgmm

reference_id

GHSA-pqjm-xcp8-wgmm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pqjm-xcp8-wgmm

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.3

purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.3

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B3

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95mj-pnx2-gfh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.4

url	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4

url pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.3

purl pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-95mj-pnx2-gfh6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.3

url	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B3
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B3

aliases GHSA-pqjm-xcp8-wgmm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqdb-wk9t-9ubg

url VCID-fp81-5fw4-vuda

vulnerability_id VCID-fp81-5fw4-vuda

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000431

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.5294
published_at	2026-06-11T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.53069
published_at	2026-06-12T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.53084
published_at	2026-06-13T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.53066
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000431

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/c7174295fa0b9bd81bd4af908082464b0b80f278

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/CVE-2017-1000431.yaml

reference_url

http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000431

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000431

reference_url

https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210408035246/http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search

reference_url

https://github.com/advisories/GHSA-m98q-p5gq-q5ff

reference_id

GHSA-m98q-p5gq-q5ff

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m98q-p5gq-q5ff

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.08.0

purl pkg:composer/ezsystems/ezpublish-legacy@2017.08.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-2xqw-e2f3-pudf

vulnerability	VCID-31vj-v1ax-w3ax

vulnerability	VCID-7116-t5cw-tqab

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-8pw8-3t56-2yag

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-9uec-kjsb-8ygq

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-f584-5rr3-xyh5

vulnerability	VCID-hzh3-v9j1-x7fb

vulnerability	VCID-k8yx-97wb-r7af

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.08.0

url pkg:composer/ezsystems/ezpublish-legacy@2017.8.0

purl pkg:composer/ezsystems/ezpublish-legacy@2017.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f584-5rr3-xyh5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.8.0

aliases CVE-2017-1000431, GHSA-m98q-p5gq-q5ff

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fp81-5fw4-vuda

url VCID-hzh3-v9j1-x7fb

vulnerability_id VCID-hzh3-v9j1-x7fb

summary eZ Publish Legacy Passwordless login for LDAP users

references

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/01930a95637389301f762be1439f726013e58aba

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/01930a95637389301f762be1439f726013e58aba

reference_url

https://github.com/ezsystems/ezpublish-legacy/pull/1394

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/pull/1394

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-10-31-1.yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-10-31-1.yaml

reference_url

https://issues.ibexa.co/browse/EZP-29703

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.ibexa.co/browse/EZP-29703

reference_url

https://web.archive.org/web/20201027063527/https://magento.com/security/news/new-zend-framework-1-security-vulnerability

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201027063527/https://magento.com/security/news/new-zend-framework-1-security-vulnerability

reference_url

https://web.archive.org/web/20210614184552/https://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210614184552/https://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users

reference_url

https://github.com/advisories/GHSA-p9mp-vq4v-v5m5

reference_id

GHSA-p9mp-vq4v-v5m5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p9mp-vq4v-v5m5

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.1

purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-k8yx-97wb-r7af

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.1

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B1

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.2

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-k8yx-97wb-r7af

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.2

url	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B2
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B2

url pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.1

purl pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-8adf-j2sz-qke2

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-k8yx-97wb-r7af

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.1

url	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B1
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B1

aliases GHSA-p9mp-vq4v-v5m5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzh3-v9j1-x7fb

url VCID-k8yx-97wb-r7af

vulnerability_id VCID-k8yx-97wb-r7af

summary eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template

references

reference_url

https://github.com/ezsystems/ezpublish-legacy

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy

reference_url

https://github.com/ezsystems/ezpublish-legacy/commit/4697bff700e8cf95d5847ea19dad3479a77b02d9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ezsystems/ezpublish-legacy/commit/4697bff700e8cf95d5847ea19dad3479a77b02d9

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-01-1.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2018-11-01-1.yaml

reference_url

http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template

reference_url

https://web.archive.org/web/20210614172734/http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210614172734/http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template

reference_url

https://github.com/advisories/GHSA-2vh3-cj9j-mcj5

reference_id

GHSA-2vh3-cj9j-mcj5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2vh3-cj9j-mcj5

fixed_packages

url pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.2

purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-8g2d-vzzv-3ygm

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

vulnerability	VCID-mfrx-h2sj-x3fg

vulnerability	VCID-yr2r-tgv2-gqd4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4.2

url	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
purl	pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.4%252B2

url	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3

url pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.3

purl pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.06.1.3

url pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.2

purl pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1n4y-a3m5-13ce

vulnerability	VCID-95mj-pnx2-gfh6

vulnerability	VCID-cqdb-wk9t-9ubg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.09.1.2

url	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B2
purl	pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%2B2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.9.1%252B2

aliases GHSA-2vh3-cj9j-mcj5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8yx-97wb-r7af

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2014.05.1

Package Instance