Project - Ibexa OSS 4.6

prod

Ibexa OSS 4.6

3 vulnerabilities in 3 packages has been found

6 abandonned packages has been found

Last analyse : 7 hours ago

No result.

3 vulnerabilities in 3 packages has been found

1 ibexa/admin-ui —— v4.6.7 +

medium Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget

Affected versions : >=4.6.0-beta1,<4.6.9
Patched versions : 4.6.9 https://github.com/advisories/GHSA-qm44-wjm2-pr59

Reported 7/31/24

CVE-2024-39318

1 ibexa/fieldtype-richtext —— v4.6.7 +

high Persistent Cross-site Scripting in Ibexa RichText Field Type

Affected versions : >=4.6.0,<4.6.10
Patched versions : 4.6.10 https://github.com/advisories/GHSA-hvcf-6324-cjh7

Reported 8/14/24

CVE-2024-43369

1 twig/twig —— v3.10.3 +

high Twig has a possible sandbox bypass

Affected versions : >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8
Patched versions : 1.44.8 2.16.1 3.14.0 https://github.com/advisories/GHSA-6j75-5wfj-gh66

Reported 9/9/24

CVE-2024-45411

6 abandonned packages has been found

Abandoned package	Suggested replacement
sensio/framework-extra-bundle	Symfony
php-http/message-factory	psr/http-factory
platformsh/symfonyflex-bridge	None
swiftmailer/swiftmailer	symfony/mailer
symfony/swiftmailer-bundle	symfony/mailer
php-http/guzzle6-adapter	guzzlehttp/guzzle or php-http/guzzle7-adapter

Summary Possible update

Your version is Ibexa 4.6

Your version is Symfony 5.4

Your version is Php 7.4