<p>Upgrade <code>publify_core</code> to version 9.2.8 or higher.</p>

Improper Access Control Affecting publify_core package, versions <9.2.8

Snyk CVSS

Attack Complexity High

Threat Intelligence

Exploit Maturity Proof of concept

EPSS 0.07% (29^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-PUBLIFYCORE-2825253
published 17 May 2022
disclosed 17 May 2022
credit nhiephon

Report a new vulnerability Found a mistake?

Introduced: 17 May 2022

CVE-2022-0574 Open this link in a new tab CWE-284 Open this link in a new tab

How to fix?

Upgrade publify_core to version 9.2.8 or higher.

Overview

publify_core is a Core engine for the Publify blogging system, formerly known as Typo.

Affected versions of this package are vulnerable to Improper Access Control where it is possible for anonymous users to leave comments on an article in draft mode.

References

GitHub Commit
GitHub PR