| Title | Severity | Exploit | Date | Affected Version |
|---|---|---|---|---|
| eZ Platform Object Injection in SiteAccessMatchListener | High | | May 15, 2024 | >= 1.0.0 < 1.0.3 |
| Ibexa Kernel's files with blacklisted extensions can be still saved to drafts | Medium | | Mar 20, 2024 | >= 1.3.0 < 1.3.35 |
| Ibexa ezplatform-kernel download route allows filename change | Low | | Nov 3, 2023 | >= 1.3.0 < 1.3.34 |
| CVE-2022-48366 | Low | | Mar 12, 2023 | >= 1.3.0 < 1.3.19 |
| CVE-2021-46875 | Medium | | Mar 12, 2023 | >= 1.2.0 < 1.2.5.1; >= 1.3.0 < 1.3.1.1 |
| CVE-2022-48365 | High | | Mar 12, 2023 | >= 1.3.0 < 1.3.26 |
| eZ Platform users with the Company admin role can assign any role to any user | Critical | | Nov 10, 2022 | >= 1.3.0 < 1.3.26 |
| Login timing attack in ezsystems/ezplatform-kernel | Critical | | Jun 2, 2022 | >= 1.3.0 < 1.3.19 |
| Object state limitation has no effect | Critical | | Apr 29, 2022 | >= 1.3.0 < 1.3.17 |
| CVE-2022-25336 | Medium | | Feb 18, 2022 | >= 1.3.0 < 1.3.12 |