Ibexa OSS 4.6
22 vulnérabilités sur 13 paquets ont été trouvés
6 paquets abandonnés ont été trouvés
22 vulnérabilités sur 13 paquets ont été trouvés
high XSS in fields used in the Content name pattern
Versions affectées : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Versions patchées : v4.6.14 https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
medium Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Versions affectées : >=4.6.0-beta1,<4.6.9Versions patchées : 4.6.9 https://github.com/advisories/GHSA-qm44-wjm2-pr59
medium Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Versions affectées : >=4.6.0,<4.6.14Versions patchées : 4.6.14 https://github.com/advisories/GHSA-8w3p-gf85-qcch
1 ibexa/fieldtype-richtext —— v4.6.7 +
high Persistent Cross-site Scripting in Ibexa RichText Field Type
Versions affectées : >=4.6.0,<4.6.10Versions patchées : 4.6.10 https://github.com/advisories/GHSA-hvcf-6324-cjh7
high Twig has a possible sandbox bypass
Versions affectées : >=3.0.0,<3.14.0|>=2.0.0,<2.16.1|>=1.0.0,<1.44.8Versions patchées : 1.44.8 2.16.1 3.14.0 https://github.com/advisories/GHSA-6j75-5wfj-gh66
low Unguarded calls to __isset() and to array-accesses when the sandbox is enabled
Versions affectées : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Versions patchées : 3.11.2 3.14.1 https://symfony.com/blog/unguarded-calls-to-__isset-and-to-array-accesses-when-the-sandbox-is-enabled
low Unguarded calls to __toString() when nesting an object into an array
Versions affectées : >=1.0.0,<2.0.0|>=2.0.0,<3.0.0|>=3.0.0,<3.11.2|>=3.12.0,<3.14.1Versions patchées : 3.11.2 3.14.1 https://symfony.com/blog/unguarded-calls-to-__tostring-when-nesting-an-object-into-an-array
1 symfony/http-foundation —— v5.4.40 +
low CVE-2024-50345: Open redirect via browser-sanitized URLs
Versions affectées : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Versions patchées : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-50345
1 symfony/process —— v5.4.40 +
high CVE-2024-51736: Command execution hijack on Windows with Process class
Versions affectées : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Versions patchées : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-51736
1 symfony/runtime —— v5.4.40 +
medium CVE-2024-50340: Ability to change environment from query
Versions affectées : >=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Versions patchées : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-50340
1 symfony/http-client —— v5.4.40 +
low CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
Versions affectées : >=4.3.0,<4.4.0|>=4.4.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7Versions patchées : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-50342
1 symfony/validator —— v5.4.40 +
low CVE-2024-50343: Incorrect response from Validator when input ends with ` `
Versions affectées : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.43|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.11|>=7.0.0,<7.1.0|>=7.1.0,<7.1.4Versions patchées : 5.4.43 6.4.11 7.1.4 5.4.43 6.4.11 7.1.4 https://symfony.com/cve-2024-50343
1 symfony/security-http —— v5.4.40 +
high CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
Versions affectées : >=5.3.0,<5.4.0|>=5.4.0,<5.4.47|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.15|>=7.0.0,<7.1.0|>=7.1.0,<7.1.8Versions patchées : 5.4.47 6.4.15 7.1.8 https://symfony.com/cve-2024-51996
2 ibexa/http-cache —— v4.6.7 +
high BREACH vulnerability in varnish VCL and vhost templates
Versions affectées : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Versions patchées : v4.6.14 https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
medium ibexa/http-cache affected by Breach with Varnish VCL
Versions affectées : >=4.6.0,<4.6.14Versions patchées : 4.6.14 https://github.com/advisories/GHSA-fh7v-q458-7vmw
2 ibexa/post-install —— v4.6.7 +
high BREACH vulnerability in varnish VCL and vhost templates
Versions affectées : v4.0.0,v4.0.8|v4.1.0,v4.1.5|v4.2.0,v4.2.4|v4.3.0,v4.3.5|v4.4.0,v4.4.4|v4.5.0,v4.5.7|v4.6.0,v4.6.13Versions patchées : v4.6.14 https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
medium ibexa/post-install affected by Breach with Varnish VCL
Versions affectées : >=4.6.0,<4.6.14|>=1.0.0,<1.0.16Versions patchées : 1.0.16 4.6.14 https://github.com/advisories/GHSA-4h8f-c635-25p7
1 symfony/var-dumper —— v5.4.40 +
high Symfony's VarDumper vulnerable to unsafe deserialization
Versions affectées : >=7.0.0,<7.0.4|<6.4.4Versions patchées : 6.4.4 7.0.4 https://github.com/advisories/GHSA-cg28-v4wq-whv5
critical In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
* [https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv](https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv)high In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
* [https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43](https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43)high In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
* [https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2](https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2)medium The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
* [http://www.acid-root.new.fr/advisories/14070612.txt](http://www.acid-root.new.fr/advisories/14070612.txt)* [http://securityreason.com/securityalert/2800](http://securityreason.com/securityalert/2800)
* [http://osvdb.org/39834](http://osvdb.org/39834)
* [https://exchange.xforce.ibmcloud.com/vulnerabilities/34836](https://exchange.xforce.ibmcloud.com/vulnerabilities/34836)
* [http://www.securityfocus.com/archive/1/471275/100/0/threaded](http://www.securityfocus.com/archive/1/471275/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471204/100/0/threaded](http://www.securityfocus.com/archive/1/471204/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471178/100/0/threaded](http://www.securityfocus.com/archive/1/471178/100/0/threaded)
6 paquets abandonnés ont été trouvés