Information Exposure Affecting publify_core Open this link in a new tab package, versions <9.2.8
Exploit Maturity
Proof of concept
Attack Complexity
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-RUBY-PUBLIFYCORE-2825254
-
published
17 May 2022
-
disclosed
17 May 2022
-
credit
Mahendra Thanniru
Introduced: 17 May 2022
CVE-2022-1553 Open this link in a new tabHow to fix?
Upgrade publify_core
to version 9.2.8 or higher.
Overview
publify_core is a Core engine for the Publify blogging system, formerly known as Typo.
Affected versions of this package are vulnerable to Information Exposure. When a request is made to a password-protected article, the UI shows it requires a password to view content, but the content of the article is leaked via the meta tags of the response.