{"url":"http://public2.vulnerablecode.io/api/packages/456081?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2","type":"composer","namespace":"ezsystems","name":"ezpublish-kernel","version":"6.13.6.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.13.8+2","latest_non_vulnerable_version":"8.0.0-beta1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155180?format=json","vulnerability_id":"VCID-93qx-tphk-qbhg","summary":"An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46875","reference_id":"","reference_type":"","scores":[{"value":"0.00542","scoring_system":"epss","scoring_elements":"0.68148","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46875"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46875","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46875"},{"reference_url":"https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1"},{"reference_url":"https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist
.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b","reference_id":"29fecd2afe86f763510f10c02f14962d028f311b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/"}],"url":"https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b"},{"reference_url":"https://github.com/advisories/GHSA-mrvj-7q4f-5p42","reference_id":"GHSA-mrvj-7q4f-5p42","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrvj-7q4f-5p42"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42","reference_id":"GHSA-mrvj-7q4f-5p42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/"}],"url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380999?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/491378?format=json","purl":"pkg:composer/ezsystems/ezpu
blish-kernel@6.13.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/381000?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/491379?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2"}],"aliases":["CVE-2021-46875","GHSA-mrvj-7q4f-5p42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93qx-tphk-qbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360999?format=json","vulnerability_id":"VCID-9q94-psat-5kan","summary":"Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.\n\n## Original Description\n\nThis Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. 
This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.","references":[{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46876","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46876"},{"reference_url":"https://github.com/advisories/GHSA-89p3-9j8c-fqh4","reference_id":"GHSA-89p3-9j8c-fqh4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89p3-9j8c-fqh4"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj","reference_id":"GHSA-gmrf-99gw-vvwj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380783?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B1"},{
"url":"http://public2.vulnerablecode.io/api/packages/488813?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-pjyp-wjua-9kcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/380784?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/488825?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-pjyp-wjua-9kcg"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1"}],"aliases":["GHSA-89p3-9j8c-fqh4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9q94-psat-5kan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155215?format=json","vulnerability_id":"VCID-bn65-ps85-1ua8","summary":"An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. 
The /user/sessions endpoint can be abused to determine account existence.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46876","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47031","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46876"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46876","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46876"},{"reference_url":"https://packagist.org/packages/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/ezsystems/ezpublish-kernel"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed","reference_id":"b496f073c3f03707d3531a6941dc098b84e3cbed","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T16:41:54Z/"}],"url":
"https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed"},{"reference_url":"https://github.com/advisories/GHSA-gmrf-99gw-vvwj","reference_id":"GHSA-gmrf-99gw-vvwj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmrf-99gw-vvwj"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj","reference_id":"GHSA-gmrf-99gw-vvwj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T16:41:54Z/"}],"url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380783?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/488813?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-pjyp-wjua-9kcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/380784?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"}],"resource_url":"http://
public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/488825?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-pjyp-wjua-9kcg"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1"}],"aliases":["CVE-2021-46876","GHSA-gmrf-99gw-vvwj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn65-ps85-1ua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211835?format=json","vulnerability_id":"VCID-du7k-qt4g-v3de","summary":"eZ Platform Object Injection in 
SiteAccessMatchListener","references":[{"reference_url":"https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2020-05-20-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2020-05-20-1.yaml"},{"reference_url":"https://github.com/advisories/GHSA-64vj-933f-6pm3","reference_id":"GHSA-64vj-933f-6pm3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64vj-933f-6pm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31322?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/488806?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-pjyp-wjua-9kcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:com
poser/ezsystems/ezpublish-kernel@6.13.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/31324?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-pjyp-wjua-9kcg"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.8"}],"aliases":["GHSA-64vj-933f-6pm3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-du7k-qt4g-v3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361025?format=json","vulnerability_id":"VCID-pjyp-wjua-9kcg","summary":"Duplicate Advisory: Cross Site Scripting in eZ Platform Ibexa Kernel\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-mrvj-7q4f-5p42. This link is maintained to preserve external references.\n\n## Original Description\n## Impact\n\nIn file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.\nPatches\n\n## Patches\n\nThe fix consists simply of adding common types of scriptable file types to the configuration of the already existing filetype blacklist feature. See \"Patched versions\". As such, this can also be done manually, without installing the patched versions. This may be relevant if you are currently running a considerably older version of the kernel package and don't want to upgrade it at this time. 
Please see the setting \"ezsettings.default.io.file_storage.file_type_blacklist\" at:\nhttps://github.com/ezsystems/ezplatform-kernel/blob/master/eZ/Bundle/EzPublishCoreBundle/Resources/config/default_settings.yml#L109\nImportant note\n\n## Important note\n\nYou should adapt this setting to your needs. Do not add file types to the blacklist that you actually need to be able to upload. For instance, if you need your editors to be able to upload SVG files, then don't blacklist that. Instead, you could e.g. use an approval workflow for such content.","references":[{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46875","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46875"},{"reference_url":"https://github.com/advisories/GHSA-c737-jhwr-fqxj","reference_id":"GHSA-c737-jhwr-fqxj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c737-jhwr-fqxj"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42","reference_id":"GHSA-mrvj-7q4f-5p42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj
-7q4f-5p42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380999?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/491378?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/381000?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/491379?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2"}],"aliases":["GHSA-c737-jhwr-fqxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjyp-wjua-9kcg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/320667?format=json","vulnerability_id":"VCID-8g2d-vzzv-3ygm","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10806","reference_id":"","reference_type":"","scores":[{"value":"
0.02833","scoring_system":"epss","scoring_elements":"0.86501","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10806"},{"reference_url":"https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10806","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10806"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31310?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@5.4.14%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@5.4.14%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/456074?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/31312?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/45
6081?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-du7k-qt4g-v3de"},{"vulnerability":"VCID-pjyp-wjua-9kcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31309?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/456108?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-du7k-qt4g-v3de"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-pjyp-wjua-9kcg"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2"}],"aliases":["CVE-2020-10806","GHSA-54p5-gxq6-j98g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g2d-vzzv-3ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211832?format=json","vulnerability_id":"VCID-ja39-kdvq-yufv","summary":"eZ Publish Remote code execution in file 
uploads","references":[{"reference_url":"https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads"},{"reference_url":"https://github.com/ezsystems/ezpublish-kernel","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ezsystems/ezpublish-kernel"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2020-03-03-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-kernel/2020-03-03-1.yaml"},{"reference_url":"https://web.archive.org/web/20210304031629/https://developers.ibexa.co/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210304031629/https://developers.ibexa.co/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads"},{"reference_url":"https://github.com/advisories/GHSA-3vwr-jj4f-h98x","reference_id":"GHSA-3vwr-jj4f-h98x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3vwr-jj4f-h98x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31310?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@5.4.14%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@5.4.14%252B1"},{
"url":"http://public2.vulnerablecode.io/api/packages/31312?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/456081?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-du7k-qt4g-v3de"},{"vulnerability":"VCID-pjyp-wjua-9kcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31309?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.6%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/456108?format=json","purl":"pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1515-rc8b-zbbm"},{"vulnerability":"VCID-3dej-a2k6-mkfc"},{"vulnerability":"VCID-6bux-9s4g-u3f7"},{"vulnerability":"VCID-93qx-tphk-qbhg"},{"vulnerability":"VCID-9q94-psat-5kan"},{"vulnerability":"VCID-bn65-ps85-1ua8"},{"vulnerability":"VCID-du7k-qt4g-v3de"},{"vulnerability":"VCID-fgne-j33v-2fhv"},{"vulnerability":"VCID-jjry-usfr-dqfy"},{"vulnerability":"VCID-jx85-npqm-tucj"},{"vulnerability":"VCID-pjyp-wjua-9kcg"},{"vulnerability":"VCID-xbxs-euz1-qfhe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.6.2"}],"aliases":["GHSA-3vwr-jj4f-h98x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vul
nerablecode.io/vulnerabilities/VCID-ja39-kdvq-yufv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.6.2"}