Improper Validation Affecting ezsystems/ezplatform package, versions >=1.13.0, <1.13.5.1 >=2.5.0, <2.5.4 >=1.7.0, <1.7.9.1
Snyk CVSS
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-EZSYSTEMSEZPLATFORM-546873
- published 6 Feb 2020
- disclosed 6 Feb 2020
- credit Unknown
How to fix?
Upgrade ezsystems/ezplatform to version 1.13.5.1, 2.5.4, 1.7.9.1 or higher.
Overview
ezsystems/ezplatform is a fully open source professional CMS (Content Management System) developed by eZ Systems and the eZ Community.
Affected versions of this package are vulnerable to Improper Validation. Front-controller scripts such as app.php should not be cached due to sensitive data being contained within. Note: This vulnerability doesn't affect eZ Platform Cloud (running eZ Platform on the Platform.sh cloud service), or usage of the .platform.app.yaml configuration file.