Lookup for vulnerable packages by Package URL.

Purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.5%2B1
Type composer
Namespace ezsystems
Name ezpublish-legacy
Version 2019.3.5+1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2019.3.6+1
Latest_non_vulnerable_version 2019.3.6+1
Affected_by_vulnerabilities
0
url VCID-29ju-364n-qkch
vulnerability_id VCID-29ju-364n-qkch
summary
Content object state fetch functions open to SQL injection
### Impact
This Security Update is about a vulnerability in eZ Publish Legacy. The content object state code could be vulnerable to SQL injection. There is no known exploit, but one might be possible. If you use Legacy in any way, we strongly recommend that you install this update as soon as possible.

### Patches
The fix is distributed via Composer, see "Patched versions".
references
0
reference_url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection
reference_id
reference_type
scores
url https://developers.ibexa.co/security-advisories/ibexa-sa-2021-005-content-object-state-fetch-functions-open-to-sql-injection
1
reference_url https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-legacy/commit/f8e3a97afd92efb9148134a4bacb35a875777a42
2
reference_url https://github.com/advisories/GHSA-jpwx-ffjq-wr4w
reference_id GHSA-jpwx-ffjq-wr4w
reference_type
scores
url https://github.com/advisories/GHSA-jpwx-ffjq-wr4w
3
reference_url https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w
reference_id GHSA-jpwx-ffjq-wr4w
reference_type
scores
url https://github.com/ezsystems/ezpublish-legacy/security/advisories/GHSA-jpwx-ffjq-wr4w
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.6%252B1
aliases GHSA-jpwx-ffjq-wr4w, GMS-2021-112
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29ju-364n-qkch
Fixing_vulnerabilities
0
url VCID-qymv-b76a-2yh2
vulnerability_id VCID-qymv-b76a-2yh2
summary
Ez Platform Object Injection in legacy shop module
This Security Advisory is about a vulnerability in the Legacy shop module. A backend editor could perform object injection in discount rules. This would require backend access and permission to edit discount rules. While object injection in itself is a serious vulnerability, the permission requirement means that normally only administrators would be able to exploit it, which is why it was classified as Medium severity.
references
0
reference_url https://ezplatform.com/security-advisories/ibexa-sa-2020-006-object-injection-in-legacy-shop-module
reference_id
reference_type
scores
url https://ezplatform.com/security-advisories/ibexa-sa-2020-006-object-injection-in-legacy-shop-module
1
reference_url https://github.com/ezsystems/ezpublish-legacy
reference_id
reference_type
scores
url https://github.com/ezsystems/ezpublish-legacy
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2020-10-05-1.yaml
reference_id
reference_type
scores
url https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezpublish-legacy/2020-10-05-1.yaml
3
reference_url https://github.com/advisories/GHSA-39j2-4p9j-5w4j
reference_id GHSA-39j2-4p9j-5w4j
reference_type
scores
url https://github.com/advisories/GHSA-39j2-4p9j-5w4j
fixed_packages
0
url pkg:composer/ezsystems/ezpublish-legacy@5.4.14%2B2
purl pkg:composer/ezsystems/ezpublish-legacy@5.4.14%2B2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@5.4.14%252B2
1
url pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B3
purl pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29ju-364n-qkch
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2017.12.7%252B3
2
url pkg:composer/ezsystems/ezpublish-legacy@2019.3.5%2B1
purl pkg:composer/ezsystems/ezpublish-legacy@2019.3.5%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-29ju-364n-qkch
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.5%252B1
aliases GHSA-39j2-4p9j-5w4j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qymv-b76a-2yh2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ezsystems/ezpublish-legacy@2019.3.5%252B1