| Vulnerability ID | VCID-r92d-urhv-fbed |
| Aliases | GHSA-2w9p-xxqr-h253 |
| Summary | eZ Platform Object Injection in SiteAccessMatchListener. This Security Advisory is about an object injection vulnerability in the SiteAccessMatchListener of eZ Platform, which could lead to remote code execution (RCE), a very serious threat. All sites may be affected. Update: There are bugs introduced by this fix, particularly but not limited to compound siteaccess matchers. These have been fixed in ezsystems/ezplatform-kernel v1.0.3, and in ezsystems/ezpublish-kernel v7.5.8, v6.13.6.4, and v5.4.15. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | HIGH | https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener |
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-2w9p-xxqr-h253 |
| generic_textual | HIGH | https://github.com/ezsystems/ezplatform-kernel |
| generic_textual | HIGH | https://github.com/FriendsOfPHP/security-advisories/blob/master/ezsystems/ezplatform-kernel/2020-05-20-1.yaml |
| generic_textual | HIGH | https://web.archive.org/web/20201024030303/https://ezplatform.com/security-advisories/ezsa-2020-004-object-injection-in-siteaccessmatchlistener |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:21:42.448159+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/ezsystems/ezplatform-kernel/GHSA-2w9p-xxqr-h253.yml | 38.6.0 |