Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7sz7-dqqq-yfdd
Vulnerability ID VCID-7sz7-dqqq-yfdd
Aliases GHSA-mwvh-p3hx-x4gg
Summary Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE https://developers.ibexa.co/security-advisories/ibexa-sa-2024-002-file-validation-and-workflow-stages
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mwvh-p3hx-x4gg
generic_textual MODERATE https://github.com/ezsystems/ezplatform-kernel
generic_textual MODERATE https://github.com/ezsystems/ezplatform-kernel/commit/7e472317f7c75f45f72f74c38406952d8bea0de1
cvssv3.1_qr MODERATE https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-mwvh-p3hx-x4gg
generic_textual MODERATE https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-mwvh-p3hx-x4gg
Reference id Reference type URL
https://developers.ibexa.co/security-advisories/ibexa-sa-2024-002-file-validation-and-workflow-stages
https://github.com/ezsystems/ezplatform-kernel
https://github.com/ezsystems/ezplatform-kernel/commit/7e472317f7c75f45f72f74c38406952d8bea0de1
GHSA-mwvh-p3hx-x4gg https://github.com/advisories/GHSA-mwvh-p3hx-x4gg
GHSA-mwvh-p3hx-x4gg https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-mwvh-p3hx-x4gg
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-11T20:34:15.825851+00:00 GHSA Importer Import https://github.com/advisories/GHSA-mwvh-p3hx-x4gg 38.6.0