{"url":"http://public2.vulnerablecode.io/api/packages/56942?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2018.6.0","type":"composer","namespace":"ezsystems","name":"ezpublish-legacy","version":"2018.6.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2018.6.1+3","latest_non_vulnerable_version":"2019.3.6+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40404?format=json","vulnerability_id":"VCID-2975-xhf4-ckcj","summary":"Improper Access Control\nPasswordless login for LDAP users","references":[{"reference_url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users","reference_id":"","reference_type":"","scores":[],"url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-005-passwordless-login-for-ldap-users"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56945?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B3"}],"aliases":["GMS-2018-65"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2975-xhf4-ckcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41434?format=json","vulnerability_id":"VCID-29ju-364n-qkch","summary":"Content object state fetch functions open to SQL injection\n### Impact\nThis Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.\n\n### Patches\nThe fix is distributed via Composer, see \"Patched versions\".","references":[{"reference_url":"https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection","reference_id":"","reference_type":"","scores":[],"url":"https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection"},{"reference_url":"https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42"},{"reference_url":"https://github.com/advisories/GHSA-jpwx-ffjq-wr4w","reference_id":"GHSA-jpwx-ffjq-wr4w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jpwx-ffjq-wr4w"},{"reference_url":"https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w","reference_id":"GHSA-jpwx-ffjq-wr4w","reference_type":"","scores":[],"url":"https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58936?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%252B1"}],"aliases":["GHSA-jpwx-ffjq-wr4w","GMS-2021-112"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29ju-364n-qkch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40467?format=json","vulnerability_id":"VCID-eaqz-xw6f-6yeb","summary":"EZSA-2018-009 Do not interpret PHP/PHAR uploads","references":[{"reference_url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads","reference_id":"","reference_type":"","scores":[],"url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-009-do-not-interpret-php-phar-uploads"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56951?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2019.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0"}],"aliases":["GMS-2018-67"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqz-xw6f-6yeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40407?format=json","vulnerability_id":"VCID-ufw5-emg4-cqd6","summary":"EZSA-2018-006 XSS vulnerability in 'disabled module' error template","references":[{"reference_url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template","reference_id":"","reference_type":"","scores":[],"url":"http://share.ez.no/community-project/security-advisories/ezsa-2018-006-xss-vulnerability-in-disabled-module-error-template"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56950?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%2B4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.1%252B4"},{"url":"http://public2.vulnerablecode.io/api/packages/56951?format=json","purl":"pkg:composer/ezsystems/ezpublish-legacy@2019.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.0"}],"aliases":["GMS-2018-66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufw5-emg4-cqd6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2018.6.0"}