Description
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Impact
The TinyMCE Bundle uses tinymce version 6.7.3, which is affected by CVEs that apply to versions < 6.8.1:
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881
Patches
The package should be updated to at least 6.8.1 to avoid the XSS vulnerability.
Workarounds
Upgrade pimcore to release 11.2.3 or 11.1.6.5.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-29203
https://nvd.nist.gov/vuln/detail/CVE-2024-29881
Packages
Name: pimcore/pimcore (composer)
Affected versions: >= 11.2.0, < 11.2.3
Fixed version: 11.2.3
Name: pimcore/pimcore (composer)
Affected versions: >= 11.0.0-ALPHA1, < 11.1.6.5
Fixed version: 11.1.6.5
CVSS3: 6.1 Medium
Weaknesses
CWE-1395
CWE-79