Ibexa OSS 4.6
39 vulnerabilities has been found
6 abandonned packages has been found
Last analyse : 21 hours ago
39 vulnerabilities has been found
| # | Total | C | H | M | L | |
|---|---|---|---|---|---|---|
| Composer | 26 | 0 | 13 | 8 | 5 | 0 |
| Php | 13 | 2 | 4 | 3 | 1 | 3 |
Composer
high XSS in fields used in the Content name pattern
Affected versions : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Patched versions : v4.6.14
https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
high XSS vulnerabilities in back office
Affected versions : v4.6.0,v4.6.20Patched versions : v4.6.21
https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
medium Ibexa Admin UI XSS vulnerabilities in back office
Affected versions : >=4.6.0-beta1,<4.6.21Patched versions : 4.6.21
https://github.com/advisories/GHSA-5r6x-g6jv-4v87
medium Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Affected versions : >=4.6.0-beta1,<4.6.9Patched versions : 4.6.9
https://github.com/advisories/GHSA-qm44-wjm2-pr59
medium Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Affected versions : >=4.6.0,<4.6.14Patched versions : 4.6.14
https://github.com/advisories/GHSA-8w3p-gf85-qcch
5 ibexa/fieldtype-richtext —— v4.6.7 +
high XXE vulnerability in RichText
Affected versions : v4.6.0,v4.6.18Patched versions : v4.6.19
https://developers.ibexa.co/security-advisories/ibexa-sa-2025-002-xxe-vulnerability-in-richtext
high XSS vulnerabilities in back office
Affected versions : v4.6.0,v4.6.20Patched versions : v4.6.21
https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
high Persistent Cross-site Scripting in Ibexa RichText Field Type
Affected versions : >=4.6.0,<4.6.10Patched versions : 4.6.10
https://github.com/advisories/GHSA-hvcf-6324-cjh7
high ibexa/fieldtype-richtext allows access to external entities in XML
Affected versions : >=4.6.0-beta1,<4.6.19Patched versions : 4.6.19
https://github.com/advisories/GHSA-cj3w-g42v-wcj6
medium Ibexa RichText Field Type XSS vulnerabilities in back office
Affected versions : >=4.6.0-beta1,<4.6.21Patched versions : 4.6.21
https://github.com/advisories/GHSA-9qv6-4pwm-m68f
high Twig has a possible sandbox bypass
Affected versions : >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8Patched versions : 1.44.8 2.16.1 3.14.0
https://github.com/advisories/GHSA-6j75-5wfj-gh66
low Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Patched versions : 3.11.2 3.14.1
https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
low Unguarded calls to __toString() when nesting an object into an array
Affected versions : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Patched versions : 3.11.2 3.14.1
https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
1 symfony/http-foundation —— v5.4.40 +
low CVE-2024-50345: Open redirect via browser-sanitized URLs
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-50345
1 symfony/process —— v5.4.40 +
high CVE-2024-51736: Command execution hijack on Windows with Process class
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-51736
1 symfony/runtime —— v5.4.40 +
medium CVE-2024-50340: Ability to change environment from query
Affected versions : >=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-50340
1 symfony/http-client —— v5.4.40 +
low CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
Affected versions : >=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Patched versions : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7
https://symfony.com/cve-2024-50342
1 symfony/validator —— v5.4.40 +
low CVE-2024-50343: Incorrect response from Validator when input ends with ` `
Affected versions : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4Patched versions : 5.4.43 6.4.11 7.1.4 5.4.43 6.4.11 7.1.4
https://symfony.com/cve-2024-50343
1 symfony/security-http —— v5.4.40 +
high CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
Affected versions : >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8Patched versions : 5.4.47 6.4.15 7.1.8
https://symfony.com/cve-2024-51996
2 ibexa/http-cache —— v4.6.7 +
high BREACH vulnerability in varnish VCL and vhost templates
Affected versions : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Patched versions : v4.6.14
https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
medium ibexa/http-cache affected by Breach with Varnish VCL
Affected versions : >=4.6.0,<4.6.14Patched versions : 4.6.14
https://github.com/advisories/GHSA-fh7v-q458-7vmw
2 ibexa/post-install —— v4.6.7 +
high BREACH vulnerability in varnish VCL and vhost templates
Affected versions : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Patched versions : v4.6.14
https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
medium ibexa/post-install affected by Breach with Varnish VCL
Affected versions : >=4.6.0,<4.6.14|>=1.0.0,<1.0.16Patched versions : 1.0.16 4.6.14
https://github.com/advisories/GHSA-4h8f-c635-25p7
1 symfony/var-dumper —— v5.4.40 +
high Symfony's VarDumper vulnerable to unsafe deserialization
Affected versions : >=7.0.0,<7.0.4|<6.4.4Patched versions : 6.4.4 7.0.4
https://github.com/advisories/GHSA-cg28-v4wq-whv5
2 ibexa/admin-ui-assets —— v4.6.7 +
high XSS vulnerabilities in back office
Affected versions : v4.6.0,v4.6.20Patched versions : v4.6.21
https://developers.ibexa.co/security-advisories/ibexa-sa-2025-003-xss-vulnerabilities-in-back-office
medium Ibexa Admin UI assets XSS vulnerabilities in back office
Affected versions : >=4.6.0-alpha1,<4.6.21Patched versions : 4.6.21
https://github.com/advisories/GHSA-vhgq-r8gx-5fpv
Php
critical In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
* [https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv](https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv)
critical In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
* [https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff](https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff)
* [https://security.netapp.com/advisory/ntap-20250523-0005/](https://security.netapp.com/advisory/ntap-20250523-0005/)
high In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
* [https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43](https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43)
high In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
* [https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2](https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2)
high In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
Affected versions : 8.3.0|8.3.18,8.4.0|8.4.5Patched versions :
* [https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477](https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477)
* [https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477](https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477)
high In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
* [https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528](https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528)
* [https://security.netapp.com/advisory/ntap-20250523-0006/](https://security.netapp.com/advisory/ntap-20250523-0006/)
medium The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
Affected versions : 4.4.0|4.4.7,5.0.0|5.0.5,5.1.0|5.1.6,5.2.0|5.2.2Patched versions :
* [http://www.acid-root.new.fr/advisories/14070612.txt](http://www.acid-root.new.fr/advisories/14070612.txt)
* [http://securityreason.com/securityalert/2800](http://securityreason.com/securityalert/2800)
* [http://osvdb.org/39834](http://osvdb.org/39834)
* [https://exchange.xforce.ibmcloud.com/vulnerabilities/34836](https://exchange.xforce.ibmcloud.com/vulnerabilities/34836)
* [http://www.securityfocus.com/archive/1/471275/100/0/threaded](http://www.securityfocus.com/archive/1/471275/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471204/100/0/threaded](http://www.securityfocus.com/archive/1/471204/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471178/100/0/threaded](http://www.securityfocus.com/archive/1/471178/100/0/threaded)
medium In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
Affected versions : 8.1.0|8.1.31,8.2.0|8.2.27,8.3.0|8.3.18,8.4.0|8.4.4Patched versions :
* [https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc](https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc)
* [https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc](https://github.com/php/php-src/security/advisories/GHSA-p3x9-6h7p-cgfc)
medium In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
* [https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44](https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44)
* [https://security.netapp.com/advisory/ntap-20250523-0009/](https://security.netapp.com/advisory/ntap-20250523-0009/)
low In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
Affected versions : 8.1.0|8.1.31,8.2.0|8.2.27,8.3.0|8.3.18,8.4.0|8.4.4Patched versions :
* [https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g](https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g)
* [https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g](https://github.com/php/php-src/security/advisories/GHSA-v8xr-gpvj-cx9g)
unassigned A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
* [https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/)
* [https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/)
* [https://kb.cert.org/vuls/id/123335](https://kb.cert.org/vuls/id/123335)
* [https://kb.cert.org/vuls/id/123335](https://kb.cert.org/vuls/id/123335)
* [https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way](https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way)
* [https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way](https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way)
* [https://www.cve.org/CVERecord?id=CVE-2024-1874](https://www.cve.org/CVERecord?id=CVE-2024-1874)
* [https://www.cve.org/CVERecord?id=CVE-2024-1874](https://www.cve.org/CVERecord?id=CVE-2024-1874)
* [https://www.cve.org/CVERecord?id=CVE-2024-22423](https://www.cve.org/CVERecord?id=CVE-2024-22423)
* [https://www.cve.org/CVERecord?id=CVE-2024-22423](https://www.cve.org/CVERecord?id=CVE-2024-22423)
* [https://www.cve.org/CVERecord?id=CVE-2024-24576](https://www.cve.org/CVERecord?id=CVE-2024-24576)
* [https://www.cve.org/CVERecord?id=CVE-2024-24576](https://www.cve.org/CVERecord?id=CVE-2024-24576)
* [https://www.kb.cert.org/vuls/id/123335](https://www.kb.cert.org/vuls/id/123335)
* [https://www.kb.cert.org/vuls/id/123335](https://www.kb.cert.org/vuls/id/123335)
unassigned In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
* [https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678](https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678)
* [https://security.netapp.com/advisory/ntap-20250110-0008/](https://security.netapp.com/advisory/ntap-20250110-0008/)
unassigned In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
* [https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff](https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff)
* [https://security.netapp.com/advisory/ntap-20250110-0009/](https://security.netapp.com/advisory/ntap-20250110-0009/)
6 abandonned packages has been found
Share
[](https://audit.security.code-rhapsodie.fr/en/project/018fdea7-1ba2-7bdf-abab-51452e155926)
[](https://audit.security.code-rhapsodie.fr/en/project/018fdea7-1ba2-7bdf-abab-51452e155926)
[](https://audit.security.code-rhapsodie.fr/en/project/018fdea7-1ba2-7bdf-abab-51452e155926)
[](https://audit.security.code-rhapsodie.fr/en/project/018fdea7-1ba2-7bdf-abab-51452e155926)