publify_core is vulnerable to improper access control. The vulnerability exists in the notify_user_via_email function in article.rb due to a lack of validation of the comment field, which allows an attacker to view data and perform unauthorized actions.
github.com/advisories/GHSA-79m3-q3wh-c3qm
github.com/publify/publify/commit/0e6c66ac2002136517662399bca9d838c80d9739
github.com/publify/publify/pull/1048
huntr.dev/bounties/6f322c84-9e20-4df6-97e8-92bc271ede3f