Lucene search

RubySecRUBY:PUBLIFY_CORE-2023-0299

HistoryJan 13, 2023 - 9:00 p.m.

Publify Improper Input Validation vulnerability

2023-01-1321:00:00

RubySec

github.com

input validation

publify

github

software security

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Improper Input Validation in GitHub repository publify/publify prior
to 9.2.10.

Affected configurations

Vulners

Node

rubypublify_coreRange≤9.2.10

VendorProductVersionCPE
rubypublify_core*cpe:2.3:a:ruby:publify_core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby	publify_core	*	cpe:2.3:a:ruby:publify_core::::::::

References

github.com/publify/publify/commit/ca46da283572b4f8c0b5aa245008756c8a5fd1b1

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Related for RUBY:PUBLIFY_CORE-2023-0299