GHSA-m58q-qq5h-mgqq

Опубликовано: 21 июл. 2022

Источник: github

Github: Прошло ревью

CVSS3: 10

Описание

Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository

Impact

This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.

Patches

Upgrade immediately to the latest release of Islandora.

Workarounds

In lieu of an upgrade the following module can be leveraged that will resolve the issue until such a time an upgrade can take place.

For more information

If you have any questions or comments about this advisory:

Open an issue in Islandora
Contact community@islandora.ca.

Ссылки

https://github.com/Islandora/islandora/security/advisories/GHSA-m58q-qq5h-mgqq
https://github.com/Islandora/islandora/commit/573d6878edf057987f1e41e5068de0074573e4c7
https://github.com/Islandora/islandora/releases/tag/2.4.1

Пакеты

Наименование

islandora/islandora

composer

Затронутые версииВерсия исправления

>= 2.0, < 2.4.1

2.4.1

10 Critical

CVSS3

10 Critical

CVSS3