Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
Typecomposer
Namespaceezsystems
Nameezpublish-kernel
Version7.5.15.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.5.31
Latest_non_vulnerable_version8.0.0-beta1
Affected_by_vulnerabilities
0
url VCID-1515-rc8b-zbbm
vulnerability_id VCID-1515-rc8b-zbbm
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48365
reference_id
reference_type
scores
0
value 0.00693
scoring_system epss
scoring_elements 0.72346
published_at 2026-06-11T12:55:00Z
1
value 0.00693
scoring_system epss
scoring_elements 0.72435
published_at 2026-06-14T12:55:00Z
2
value 0.00693
scoring_system epss
scoring_elements 0.72441
published_at 2026-06-13T12:55:00Z
3
value 0.00693
scoring_system epss
scoring_elements 0.72427
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48365
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48365
3
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
reference_id 957e67a08af2b3265753f9763943e8225ed779ab
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/957e67a08af2b3265753f9763943e8225ed779ab
4
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
reference_id GHSA-8h83-chh2-fchp
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-8h83-chh2-fchp
5
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
reference_id GHSA-99r3-xmmq-7q7g
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
6
reference_url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
reference_id GHSA-qq2j-9pf8-g58c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qq2j-9pf8-g58c
7
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_id ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T20:32:41Z/
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.30
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.30
aliases CVE-2022-48365, GHSA-qq2j-9pf8-g58c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1515-rc8b-zbbm
1
url VCID-3dej-a2k6-mkfc
vulnerability_id VCID-3dej-a2k6-mkfc
summary Code injection in ezsystems/ezpublish-kernel
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25337
reference_id
reference_type
scores
0
value 0.00537
scoring_system epss
scoring_elements 0.67968
published_at 2026-06-11T12:55:00Z
1
value 0.00537
scoring_system epss
scoring_elements 0.68065
published_at 2026-06-14T12:55:00Z
2
value 0.00537
scoring_system epss
scoring_elements 0.68069
published_at 2026-06-13T12:55:00Z
3
value 0.00537
scoring_system epss
scoring_elements 0.68056
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25337
1
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
2
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25337
reference_id CVE-2022-25337
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25337
4
reference_url https://github.com/advisories/GHSA-xwv6-v7qx-f5jc
reference_id GHSA-xwv6-v7qx-f5jc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xwv6-v7qx-f5jc
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.26
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-fgne-j33v-2fhv
3
vulnerability VCID-jjry-usfr-dqfy
4
vulnerability VCID-jx85-npqm-tucj
5
vulnerability VCID-qpmz-w944-skf1
6
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.26
aliases CVE-2022-25337, GHSA-xwv6-v7qx-f5jc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dej-a2k6-mkfc
2
url VCID-6bux-9s4g-u3f7
vulnerability_id VCID-6bux-9s4g-u3f7
summary IBX-1392: Image filenames sanitization
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://github.com/ezsystems/ezpublish-kernel/releases/tag/v7.5.26
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/releases/tag/v7.5.26
3
reference_url https://github.com/advisories/GHSA-44m4-9cjp-j587
reference_id GHSA-44m4-9cjp-j587
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-44m4-9cjp-j587
4
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-44m4-9cjp-j587
reference_id GHSA-44m4-9cjp-j587
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-44m4-9cjp-j587
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.26
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-fgne-j33v-2fhv
3
vulnerability VCID-jjry-usfr-dqfy
4
vulnerability VCID-jx85-npqm-tucj
5
vulnerability VCID-qpmz-w944-skf1
6
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.26
aliases GHSA-44m4-9cjp-j587, GMS-2022-23
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bux-9s4g-u3f7
3
url VCID-93qx-tphk-qbhg
vulnerability_id VCID-93qx-tphk-qbhg
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.68247
published_at 2026-06-14T12:55:00Z
1
value 0.00542
scoring_system epss
scoring_elements 0.6825
published_at 2026-06-13T12:55:00Z
2
value 0.00542
scoring_system epss
scoring_elements 0.68237
published_at 2026-06-12T12:55:00Z
3
value 0.00542
scoring_system epss
scoring_elements 0.68148
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46875
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
3
reference_url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezplatform-kernel#v1.2.5.1
4
reference_url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezpublish-kernel#v7.5.15.2
5
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
reference_id 29fecd2afe86f763510f10c02f14962d028f311b
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/29fecd2afe86f763510f10c02f14962d028f311b
6
reference_url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrvj-7q4f-5p42
7
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T21:15:05Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-3dej-a2k6-mkfc
2
vulnerability VCID-6bux-9s4g-u3f7
3
vulnerability VCID-e7nm-tf1f-j7ax
4
vulnerability VCID-fgne-j33v-2fhv
5
vulnerability VCID-jjry-usfr-dqfy
6
vulnerability VCID-jx85-npqm-tucj
7
vulnerability VCID-qpmz-w944-skf1
8
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
1
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2
aliases CVE-2021-46875, GHSA-mrvj-7q4f-5p42, GMS-2021-111, GMS-2021-47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93qx-tphk-qbhg
4
url VCID-e7nm-tf1f-j7ax
vulnerability_id VCID-e7nm-tf1f-j7ax
summary eZ Platform users with the Company admin role can assign any role to any user
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/advisories/GHSA-99r3-xmmq-7q7g
reference_id GHSA-99r3-xmmq-7q7g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99r3-xmmq-7q7g
2
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
reference_id GHSA-99r3-xmmq-7q7g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-99r3-xmmq-7q7g
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.30
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.30
1
url pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
purl pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
aliases GHSA-99r3-xmmq-7q7g, GMS-2022-6758
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7nm-tf1f-j7ax
5
url VCID-fgne-j33v-2fhv
vulnerability_id VCID-fgne-j33v-2fhv
summary An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48367
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62882
published_at 2026-06-11T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62991
published_at 2026-06-14T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62996
published_at 2026-06-13T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62983
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48367
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48367
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48367
3
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x
reference_id GHSA-5x4f-7xgq-r42x
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:52:00Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x
4
reference_url https://github.com/advisories/GHSA-h5v2-wrhp-5v35
reference_id GHSA-h5v2-wrhp-5v35
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h5v2-wrhp-5v35
5
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge
reference_id ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:52:00Z/
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-004-ineffective-object-state-limitation-and-unauthenticated-fastly-purge
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.28
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-jjry-usfr-dqfy
3
vulnerability VCID-qpmz-w944-skf1
4
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.28
aliases CVE-2022-48367, GHSA-h5v2-wrhp-5v35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fgne-j33v-2fhv
6
url VCID-jjry-usfr-dqfy
vulnerability_id VCID-jjry-usfr-dqfy
summary An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48366
reference_id
reference_type
scores
0
value 0.0023
scoring_system epss
scoring_elements 0.45977
published_at 2026-06-11T12:55:00Z
1
value 0.0023
scoring_system epss
scoring_elements 0.46114
published_at 2026-06-14T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.46128
published_at 2026-06-13T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.46121
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48366
1
reference_url https://github.com/ezsystems/ezplatform-kernel
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezplatform-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48366
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48366
3
reference_url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
reference_id GHSA-342c-vcff-2ff2
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
4
reference_url https://github.com/advisories/GHSA-66m4-gc8h-hpjx
reference_id GHSA-66m4-gc8h-hpjx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66m4-gc8h-hpjx
5
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
reference_id GHSA-xfqg-p48g-hh94
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
6
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
reference_id ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:53:33Z/
url https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.29
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.29
aliases CVE-2022-48366, GHSA-66m4-gc8h-hpjx
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jjry-usfr-dqfy
7
url VCID-jx85-npqm-tucj
vulnerability_id VCID-jx85-npqm-tucj
summary Object state limitation has no effect
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/133c33cbcaa330953d6283865153f3dfdc7a2e45
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/commit/133c33cbcaa330953d6283865153f3dfdc7a2e45
2
reference_url https://github.com/advisories/GHSA-5x4f-7xgq-r42x
reference_id GHSA-5x4f-7xgq-r42x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5x4f-7xgq-r42x
3
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x
reference_id GHSA-5x4f-7xgq-r42x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-5x4f-7xgq-r42x
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.28
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-jjry-usfr-dqfy
3
vulnerability VCID-qpmz-w944-skf1
4
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.28
aliases GHSA-5x4f-7xgq-r42x, GMS-2022-1046
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jx85-npqm-tucj
8
url VCID-pjyp-wjua-9kcg
vulnerability_id VCID-pjyp-wjua-9kcg
summary 
Duplicate Advisory: Cross Site Scripting in eZ Platform Ibexa Kernel
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-mrvj-7q4f-5p42. This link is maintained to preserve external references.

## Original Description
## Impact

In file upload it is possible by certain means to upload files like .html and .js. These may contain XSS exploits which will be run when links to them are accessed by victims.
Patches

## Patches

The fix consists simply of adding common types of scriptable file types to the configuration of the already existing filetype blacklist feature. See "Patched versions". As such, this can also be done manually, without installing the patched versions. This may be relevant if you are currently running a considerably older version of the kernel package and don't want to upgrade it at this time. Please see the settting "ezsettings.default.io.file_storage.file_type_blacklist" at:
https://github.com/ezsystems/ezplatform-kernel/blob/master/eZ/Bundle/EzPublishCoreBundle/Resources/config/default_settings.yml#L109
Important note

## Important note

You should adapt this setting to your needs. Do not add file types to the blacklist that you actually need to be able to upload. For instance, if you need your editors to be able to upload SVG files, then don't blacklist that. Instead, you could e.g. use an approval workflow for such content.
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46875
2
reference_url https://github.com/advisories/GHSA-c737-jhwr-fqxj
reference_id GHSA-c737-jhwr-fqxj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c737-jhwr-fqxj
3
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
reference_id GHSA-mrvj-7q4f-5p42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-mrvj-7q4f-5p42
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-3dej-a2k6-mkfc
2
vulnerability VCID-6bux-9s4g-u3f7
3
vulnerability VCID-e7nm-tf1f-j7ax
4
vulnerability VCID-fgne-j33v-2fhv
5
vulnerability VCID-jjry-usfr-dqfy
6
vulnerability VCID-jx85-npqm-tucj
7
vulnerability VCID-qpmz-w944-skf1
8
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.2
1
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B2
aliases GHSA-c737-jhwr-fqxj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjyp-wjua-9kcg
9
url VCID-qpmz-w944-skf1
vulnerability_id VCID-qpmz-w944-skf1
summary Login timing attack in ezsystems/ezpublish-kernel
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/913fe17281536a91437d94e8267181ae8b57f5d5
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/commit/913fe17281536a91437d94e8267181ae8b57f5d5
2
reference_url https://issues.ibexa.co/browse/IBX-1755
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.ibexa.co/browse/IBX-1755
3
reference_url https://github.com/advisories/GHSA-xfqg-p48g-hh94
reference_id GHSA-xfqg-p48g-hh94
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xfqg-p48g-hh94
4
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
reference_id GHSA-xfqg-p48g-hh94
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.29
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-e7nm-tf1f-j7ax
2
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.29
aliases GHSA-xfqg-p48g-hh94, GMS-2022-1738
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmz-w944-skf1
10
url VCID-xbxs-euz1-qfhe
vulnerability_id VCID-xbxs-euz1-qfhe
summary 
Download route allows filename change in eZpublish kernel
### Impact
The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and confusion, and possibly other harm. As such it is a low severity vulnerability. It affects all supported versions of Ibexa DXP and eZ Platform, in installations where downloadable files exist.

### Patches
The issue is fixed in all supported versions of ezsystems/ezpublish-kernel, see "Patched versions".
An advisory is also published for ezsystems/ezplatform-kernel and ibexa/core, please see those repositories.
Commit: https://github.com/ezsystems/ezpublish-kernel/commit/142152f9bae4c4835713df0bdfe22bc98d03f9a1

### Workarounds
None, other than blocking all downloads.

### References
https://developers.ibexa.co/security-advisories/ibexa-sa-2023-005-vulnerabilities-in-solr-search-and-file-downloads
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/142152f9bae4c4835713df0bdfe22bc98d03f9a1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/commit/142152f9bae4c4835713df0bdfe22bc98d03f9a1
2
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-946c-f9w6-2c25
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-946c-f9w6-2c25
3
reference_url https://github.com/advisories/GHSA-946c-f9w6-2c25
reference_id GHSA-946c-f9w6-2c25
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-946c-f9w6-2c25
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@7.5.31
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.31
1
url pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
purl pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@8.0.0-beta1
aliases GHSA-946c-f9w6-2c25, GMS-2023-3989
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbxs-euz1-qfhe
Fixing_vulnerabilities
0
url VCID-9q94-psat-5kan
vulnerability_id VCID-9q94-psat-5kan
summary 
Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references.

## Original Description

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the response data or response time of certain requests. The fix ensures neither attack is possible. The fix is distributed via Composer.
references
0
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46876
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46876
2
reference_url https://github.com/advisories/GHSA-89p3-9j8c-fqh4
reference_id GHSA-89p3-9j8c-fqh4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-89p3-9j8c-fqh4
3
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj
reference_id GHSA-gmrf-99gw-vvwj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B1
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
1
vulnerability VCID-pjyp-wjua-9kcg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-3dej-a2k6-mkfc
2
vulnerability VCID-6bux-9s4g-u3f7
3
vulnerability VCID-93qx-tphk-qbhg
4
vulnerability VCID-e7nm-tf1f-j7ax
5
vulnerability VCID-fgne-j33v-2fhv
6
vulnerability VCID-jjry-usfr-dqfy
7
vulnerability VCID-jx85-npqm-tucj
8
vulnerability VCID-pjyp-wjua-9kcg
9
vulnerability VCID-qpmz-w944-skf1
10
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B1
aliases GHSA-89p3-9j8c-fqh4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9q94-psat-5kan
1
url VCID-bn65-ps85-1ua8
vulnerability_id VCID-bn65-ps85-1ua8
summary An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-46876
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47172
published_at 2026-06-12T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.47169
published_at 2026-06-14T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.47187
published_at 2026-06-13T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.47031
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-46876
1
reference_url https://github.com/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ezsystems/ezpublish-kernel
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-46876
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-46876
3
reference_url https://packagist.org/packages/ezsystems/ezpublish-kernel
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/ezsystems/ezpublish-kernel
4
reference_url https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed
reference_id b496f073c3f03707d3531a6941dc098b84e3cbed
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T16:41:54Z/
url https://github.com/ezsystems/ezpublish-kernel/commit/b496f073c3f03707d3531a6941dc098b84e3cbed
5
reference_url https://github.com/advisories/GHSA-gmrf-99gw-vvwj
reference_id GHSA-gmrf-99gw-vvwj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmrf-99gw-vvwj
6
reference_url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj
reference_id GHSA-gmrf-99gw-vvwj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T16:41:54Z/
url https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-gmrf-99gw-vvwj
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8%252B1
1
url pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
purl pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
1
vulnerability VCID-pjyp-wjua-9kcg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@6.13.8.1
2
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1515-rc8b-zbbm
1
vulnerability VCID-3dej-a2k6-mkfc
2
vulnerability VCID-6bux-9s4g-u3f7
3
vulnerability VCID-93qx-tphk-qbhg
4
vulnerability VCID-e7nm-tf1f-j7ax
5
vulnerability VCID-fgne-j33v-2fhv
6
vulnerability VCID-jjry-usfr-dqfy
7
vulnerability VCID-jx85-npqm-tucj
8
vulnerability VCID-pjyp-wjua-9kcg
9
vulnerability VCID-qpmz-w944-skf1
10
vulnerability VCID-xbxs-euz1-qfhe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1
3
url pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1
purl pkg:composer/ezsystems/ezpublish-kernel@7.5.15%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93qx-tphk-qbhg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15%252B1
aliases CVE-2021-46876, GHSA-gmrf-99gw-vvwj, GMS-2021-110
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn65-ps85-1ua8
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-kernel@7.5.15.1